CVE-2011-2688

Published: 28/07/2011 Updated: 16/11/2020
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and previous versions for the Apache HTTP Server allows remote malicious users to execute arbitrary SQL commands via the user field.

Vulnerable Product

mod_authnz_external_project mod_authnz_external

debian debian linux 5.0

debian debian linux 6.0

debian debian linux 7.0

Vendor Advisories

Debian Bug report logs - #633637: Exploitable remotely: SQL injection. Package: libapache2-mod-authnz-external; Maintainer for libapache2-mod-authnz-external is Hai Zaar <haizaar@haizaar.com>; Source for libapache2-mod-authnz-external is src:libapache2-mod-authnz-external. Reported by: Amaya Rodrigo Sastre ...
It was discovered that libapache2-mod-authnz-external, an Apache authentication module, is prone to an SQL injection via the $user parameter. For the stable distribution (squeeze), this problem has been fixed in version 3.2.4-2+squeeze1. The oldstable distribution (lenny) does not contain libapache2-mod-authnz-external. For the testing distribution ...