Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2011-0432

Published: 14/03/2011 Updated: 15/03/2011
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Simon Pamies

Vulnerability Summary

Multiple SQL injection vulnerabilities in the get_userinfo method in the MySQLAuthHandler class in DAVServer/mysqlauth.py in PyWebDAV prior to 0.9.4.1 allow remote malicious users to execute arbitrary SQL commands via the (1) user or (2) pw argument. NOTE: some of these details are obtained from third party information.

Vulnerable Product Search on Vulmon Subscribe to Product

simon pamies pywebdav 0.9.2

simon pamies pywebdav 0.8

simon pamies pywebdav 0.3

simon pamies pywebdav

simon pamies pywebdav 0.7

simon pamies pywebdav 0.6

simon pamies pywebdav 0.5.1

simon pamies pywebdav 0.5

simon pamies pywebdav 0.9.3

simon pamies pywebdav 0.9.1

Vendor Advisories

Debian Security Advisories: DSA-2177-1 pywebdav -- SQL injection
It was discovered that PyWebDAV, a WebDAV server implementation, contains several SQL injection vulnerabilities in the processing of user credentials The oldstable distribution (lenny) does not contain a python-webdav package For the stable distribution (squeeze), this problem has been fixed in version 094-1+squeeze1 For the testing distributi ...

References

CWE-89http://secunia.com/advisories/43571http://secunia.com/advisories/43602http://www.debian.org/security/2011/dsa-2177https://bugzilla.redhat.com/show_bug.cgi?id=677718http://www.vupen.com/english/advisories/2011/0553http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055444.htmlhttp://www.vupen.com/english/advisories/2011/0554http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055412.htmlhttp://code.google.com/p/pywebdav/updates/listhttp://secunia.com/advisories/43703http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055413.htmlhttp://pywebdav.googlecode.com/files/PyWebDAV-0.9.4.1.tar.gzhttp://www.vupen.com/english/advisories/2011/0634http://www.securityfocus.com/bid/46655https://nvd.nist.govhttps://www.debian.org/security/./dsa-2177
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
hard-codedCVE-2024-27202NULL pointer dereferenceCVE-2024-28075CVE-2024-33608CVE-2024-28889CVE-2024-34572template injectionCVE-2024-34351
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook