Description
Quassel before 0.12.2 does not properly re-initialize the database session when the PostgreSQL database is restarted, which allows remote attackers to conduct SQL injection attacks via a \ (backslash) in a message. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4422.

| Release | Status | Note |
|---|---|---|
| devel | not-affected | 0.12.1-0ubuntu1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [0.10.0-0ubuntu2.2]] |
| lucid | ignored | end of life |
| precise | not-affected | QT 4.8.1 |
| trusty | released | 0.10.0-0ubuntu2.2 |
| trusty/esm | DNE | trusty was released [0.10.0-0ubuntu2.2] |
| upstream | needed | |
| utopic | released | 0.10.1-0ubuntu1.2 |
| vivid | released | 0.12.2-0ubuntu0.1 |

CVSS2: 7.5 High