CVE-2008-2667SQL Injection in Courier-authlib

CWE-89SQL Injection4 documents4 sources
Severity
5.1MEDIUMNVD
EPSS
1.6%
top 18.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Debian Courier-authlibCourier-mta Courtier-authlib
Timeline
PublishedJul 7
Latest updateMay 1

Description

SQL injection vulnerability in the Courier Authentication Library (aka courier-authlib) before 0.60.6 on SUSE openSUSE 10.3 and 11.0, and other platforms, when MySQL and a non-Latin character set are used, allows remote attackers to execute arbitrary SQL commands via the username and unspecified other vectors.

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4

Affected Packages2 packages

debiandebian/courier-authlib< courier-authlib 0.60.1-2.1 (bookworm)
NVDcourier-mta/courtier-authlib17 versions+16

🔴Vulnerability Details

2
GHSA
GHSA-3r5f-vjfp-r32c: SQL injection vulnerability in the Courier Authentication Library (aka courier-authlib) before 02022-05-01
OSV
CVE-2008-2667: SQL injection vulnerability in the Courier Authentication Library (aka courier-authlib) before 02008-07-07

📋Vendor Advisories

1
Debian
CVE-2008-2667: courier-authlib - SQL injection vulnerability in the Courier Authentication Library (aka courier-a...2008
CVE-2008-2667 — SQL Injection in Debian Courier-authlib | cvebase