CVE-2011-2688
Description
SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
Related CPE's
References
Third Party Advisory
Mailing ListPatchThird Party Advisory
Third Party AdvisoryVDB Entry
Third Party Advisory
Issue TrackingPatchThird Party Advisory
Mailing ListPatchThird Party Advisory
Third Party Advisory
Third Party Advisory
Third Party AdvisoryVDB Entry
CvssV3 impact
Could not find any metrics
CvssV2 impact
Version | 2.0 |
VectorString | AV:N/AC:L/Au:N/C:P/I:P/A:P |
AccessVector | NETWORK |
AccessComplexity | LOW |
Authentication | NONE |
ConfidentialityImpact | PARTIAL |
IntegrityImpact | PARTIAL |
AvailabilityImpact | PARTIAL |
BaseScore | 7.5 |