Описание
SQL injection vulnerability in auth2db 0.2.5, and possibly other versions before 0.2.7, uses the addslashes function instead of the mysql_real_escape_string function, which allows remote attackers to conduct SQL injection attacks using multibyte character encodings.
SQL injection vulnerability in auth2db 0.2.5, and possibly other versions before 0.2.7, uses the addslashes function instead of the mysql_real_escape_string function, which allows remote attackers to conduct SQL injection attacks using multibyte character encodings.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2009-1208
- https://exchange.xforce.ibmcloud.com/vulnerabilities/49518
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=521823
- http://secunia.com/advisories/34488
- http://www.auth2db.com.ar/?title=CHANGELOG
- http://www.debian.org/security/2009/dsa-1757
- http://www.securityfocus.com/bid/34287
Связанные уязвимости
SQL injection vulnerability in auth2db 0.2.5, and possibly other versions before 0.2.7, uses the addslashes function instead of the mysql_real_escape_string function, which allows remote attackers to conduct SQL injection attacks using multibyte character encodings.
SQL injection vulnerability in auth2db 0.2.5, and possibly other versions before 0.2.7, uses the addslashes function instead of the mysql_real_escape_string function, which allows remote attackers to conduct SQL injection attacks using multibyte character encodings.
SQL injection vulnerability in auth2db 0.2.5, and possibly other versi ...