CVE-2011-2688

SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 82%
VendorProductVersion
mod_authnz_external_projectmod_authnz_external
𝑥
≤ 3.2.5
debiandebian_linux
5.0
debiandebian_linux
6.0
debiandebian_linux
7.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libapache2-mod-authnz-external
bullseye
3.3.2-0.1
fixed
sid
3.3.2-2
fixed
trixie
3.3.2-2
fixed
bookworm
3.3.2-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libapache2-mod-authnz-external
natty
Fixed 3.2.4-2+squeeze1build0.11.04.1
released
maverick
Fixed 3.2.4-2+squeeze1build0.10.10.1
released
lucid
Fixed 3.2.4-2+squeeze1build0.10.04.1
released
hardy
ignored
Common Weakness Enumeration
References
http://anders.fix.no/software/#unix
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633637
http://code.google.com/p/mod-auth-external/issues/detail?id=5
http://secunia.com/advisories/45240
http://www.debian.org/security/2011/dsa-2279
http://www.openwall.com/lists/oss-security/2011/07/12/10
http://www.openwall.com/lists/oss-security/2011/07/12/17
http://www.securityfocus.com/bid/48653
https://exchange.xforce.ibmcloud.com/vulnerabilities/68799
http://anders.fix.no/software/#unix
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633637
http://code.google.com/p/mod-auth-external/issues/detail?id=5
http://secunia.com/advisories/45240
http://www.debian.org/security/2011/dsa-2279
http://www.openwall.com/lists/oss-security/2011/07/12/10
http://www.openwall.com/lists/oss-security/2011/07/12/17
http://www.securityfocus.com/bid/48653
https://exchange.xforce.ibmcloud.com/vulnerabilities/68799