CVE-2009-1208

SQL injection vulnerability in auth2db 0.2.5, and possibly other versions before 0.2.7, uses the addslashes function instead of the mysql_real_escape_string function, which allows remote attackers to conduct SQL injection attacks using multibyte character encodings.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 68%
VendorProductVersion
auth2dbauth2db
0.1.0
auth2dbauth2db
0.1.2
auth2dbauth2db
0.1.3
auth2dbauth2db
0.1.4
auth2dbauth2db
0.1.5
auth2dbauth2db
0.1.6
auth2dbauth2db
0.1.7
auth2dbauth2db
0.1.8
auth2dbauth2db
0.1.9
auth2dbauth2db
0.2.0
auth2dbauth2db
0.2.1
auth2dbauth2db
0.2.2
auth2dbauth2db
0.2.3
auth2dbauth2db
0.2.4
auth2dbauth2db
0.2.5
auth2dbauth2db
0.2.6
auth2dbauth2db0.1.1
*
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
auth2db
maverick
not-affected
lucid
not-affected
karmic
not-affected
jaunty
ignored
intrepid
ignored
hardy
dne
gutsy
dne
dapper
dne
Common Weakness Enumeration
References
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=521823
http://secunia.com/advisories/34488
http://www.auth2db.com.ar/?title=CHANGELOG
http://www.debian.org/security/2009/dsa-1757
http://www.securityfocus.com/bid/34287
https://exchange.xforce.ibmcloud.com/vulnerabilities/49518
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=521823
http://secunia.com/advisories/34488
http://www.auth2db.com.ar/?title=CHANGELOG
http://www.debian.org/security/2009/dsa-1757
http://www.securityfocus.com/bid/34287
https://exchange.xforce.ibmcloud.com/vulnerabilities/49518