Multiple SQL injection vulnerabilities in the get_userinfo method in the MySQLAuthHandler class in DAVServer/mysqlauth.py in PyWebDAV prior to 0.9.4.1 allow remote malicious users to execute arbitrary SQL commands via the (1) user or (2) pw argument. NOTE: some of these details are obtained from third party information.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
simon pamies pywebdav 0.9.2 |
||
simon pamies pywebdav 0.8 |
||
simon pamies pywebdav 0.3 |
||
simon pamies pywebdav |
||
simon pamies pywebdav 0.7 |
||
simon pamies pywebdav 0.6 |
||
simon pamies pywebdav 0.5.1 |
||
simon pamies pywebdav 0.5 |
||
simon pamies pywebdav 0.9.3 |
||
simon pamies pywebdav 0.9.1 |