Multiple format string vulnerabilities in logging functions in mod_auth_pgsql prior to 2.0.3, when used for user authentication against a PostgreSQL database, allows remote unauthenticated malicious users to execute arbitrary code, as demonstrated via the username.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
guiseppe tanzilli and matthias eckermann mod auth pgsql 0.9.5 |
||
guiseppe tanzilli and matthias eckermann mod auth pgsql 0.9.6 |
||
guiseppe tanzilli and matthias eckermann mod auth pgsql |