Vulnerability Details CVE-2008-2380
SQL injection vulnerability in authpgsqllib.c in Courier-Authlib before 0.62.0, when a non-Latin locale Postgres database is used, allows remote attackers to execute arbitrary SQL commands via query parameters containing apostrophes.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 68.6%
CVSS Severity
CVSS v2 Score 5.1
References
- http://osvdb.org/50811
- http://secunia.com/advisories/33235
- http://secunia.com/advisories/34234
- http://security.gentoo.org/glsa/glsa-200903-25.xml
- http://www.courier-mta.org/authlib/changelog.html
- http://www.securityfocus.com/bid/32926
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47494
- http://osvdb.org/50811
- http://secunia.com/advisories/33235
- http://secunia.com/advisories/34234
- http://security.gentoo.org/glsa/glsa-200903-25.xml
- http://www.courier-mta.org/authlib/changelog.html
- http://www.securityfocus.com/bid/32926
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47494
Products affected by CVE-2008-2380
-
cpe:2.3:a:courier-mta:courtier-authlib:0.52
-
cpe:2.3:a:courier-mta:courtier-authlib:0.53
-
cpe:2.3:a:courier-mta:courtier-authlib:0.54
-
cpe:2.3:a:courier-mta:courtier-authlib:0.55
-
cpe:2.3:a:courier-mta:courtier-authlib:0.56
-
cpe:2.3:a:courier-mta:courtier-authlib:0.57
-
cpe:2.3:a:courier-mta:courtier-authlib:0.58
-
cpe:2.3:a:courier-mta:courtier-authlib:0.59
-
cpe:2.3:a:courier-mta:courtier-authlib:0.59.1
-
cpe:2.3:a:courier-mta:courtier-authlib:0.59.2
-
cpe:2.3:a:courier-mta:courtier-authlib:0.59.3
-
cpe:2.3:a:courier-mta:courtier-authlib:0.60
-
cpe:2.3:a:courier-mta:courtier-authlib:0.60.1
-
cpe:2.3:a:courier-mta:courtier-authlib:0.60.2
-
cpe:2.3:a:courier-mta:courtier-authlib:0.60.3
-
cpe:2.3:a:courier-mta:courtier-authlib:0.60.4
-
cpe:2.3:a:courier-mta:courtier-authlib:0.60.5
-
cpe:2.3:a:courier-mta:courtier-authlib:0.60.6
-
cpe:2.3:a:courier-mta:courtier-authlib:0.61.0
-
cpe:2.3:a:courier-mta:courtier-authlib:0.61.1