The sql_escape_string function in auth/sql.c for the mailutils SQL authentication module does not properly quote the "\" (backslash) character, which is used as an escape character and makes the module vulnerable to SQL injection attacks.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2005-06-02T04:00:00
Updated: 2024-08-07T22:06:57.419Z
Reserved: 2005-06-02T00:00:00
Link: CVE-2005-1824
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2005-06-02T04:00:00.000
Modified: 2008-09-05T20:50:11.870
Link: CVE-2005-1824
Redhat
No data.