Описание
Multiple SQL injection vulnerabilities in the get_userinfo method in the MySQLAuthHandler class in DAVServer/mysqlauth.py in PyWebDAV before 0.9.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) user or (2) pw argument. NOTE: some of these details are obtained from third party information.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | not-affected | 0.9.4-3 |
| hardy | DNE | |
| karmic | ignored | end of life |
| lucid | ignored | end of life |
| maverick | released | 0.9.4-1+squeeze1build0.10.10.1 |
| natty | not-affected | 0.9.4-3 |
| oneiric | not-affected | 0.9.4-3 |
| precise | not-affected | 0.9.4-3 |
| quantal | not-affected | 0.9.4-3 |
Показывать по
Ссылки на источники
7.5 High
CVSS2
Связанные уязвимости
Multiple SQL injection vulnerabilities in the get_userinfo method in the MySQLAuthHandler class in DAVServer/mysqlauth.py in PyWebDAV before 0.9.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) user or (2) pw argument. NOTE: some of these details are obtained from third party information.
Multiple SQL injection vulnerabilities in the get_userinfo method in t ...
7.5 High
CVSS2