CVE-2009-1208

EUVD-2009-1207
auth2db 0.2.5, and possibly other versions before 0.2.7, is vulnerable to SQL injection: it uses the addslashes function instead of the mysql_real_escape_string function, which allows remote attackers to conduct SQL injection attacks using multibyte character encodings.
SQL Injection
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
| --- | --- | --- | --- | --- | --- | --- |
| NIST | Primary | 7.5 UNKNOWN | NETWORK | LOW | | AV:N/AC:L/Au:N/C:P/I:P/A:P |
EPSS Score
Percentile: 69%
Affected Products (NVD)
| Vendor | Product | Version |
| --- | --- | --- |
| auth2db | auth2db | 0.1.0 |
| auth2db | auth2db | 0.1.2 |
| auth2db | auth2db | 0.1.3 |
| auth2db | auth2db | 0.1.4 |
| auth2db | auth2db | 0.1.5 |
| auth2db | auth2db | 0.1.6 |
| auth2db | auth2db | 0.1.7 |
| auth2db | auth2db | 0.1.8 |
| auth2db | auth2db | 0.1.9 |
| auth2db | auth2db | 0.2.0 |
| auth2db | auth2db | 0.2.1 |
| auth2db | auth2db | 0.2.2 |
| auth2db | auth2db | 0.2.3 |
| auth2db | auth2db | 0.2.4 |
| auth2db | auth2db | 0.2.5 |
| auth2db | auth2db | 0.2.6 |
| auth2db | auth2db | 0.1.1 |
Ubuntu Releases
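| Ubuntu Product | Codename | Status |
| --- | --- | --- |
| auth2db | dapper | dne |
| auth2db | gutsy | dne |
| auth2db | hardy | dne |
| auth2db | intrepid | ignored |
| auth2db | jaunty | ignored |
| auth2db | karmic | not-affected |
| auth2db | lucid | not-affected |
| auth2db | maverick | not-affected |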