CVE-2011-2688
published 2011-07-28CVE-2011-2688: SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to…
PriorityP268high7.5CVSS 2.0
AVNACLAuNCPIPAP
ITWVulnCheck KEV
Exploited in the wild
EPSS
5.66%
92.0th percentile
SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | libapache2-mod-authnz-external | < libapache2-mod-authnz-external 3.2.4-2.1 (bookworm) | libapache2-mod-authnz-external 3.2.4-2.1 (bookworm) |
| mod_authnz_external_project | mod_authnz_external | <= 3.2.5 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor HTTP authentication requests to Apache mod_authnz_external for SQL metacharacters (e.g., quotes, comment sequences, UNION/SELECT keywords) injected in the username/user field. ↗
- →Audit installations of mod_authnz_external version 3.2.5 and earlier; the vulnerable script is mysql/mysql-auth.pl and the attack vector is the user field passed to MySQL queries. ↗
- ·The vulnerability is fixed in Debian package version 3.2.4-2.1 across all tracked Debian releases (bookworm, bullseye, forky, sid, trixie); ensure the patched package is deployed. ↗
- ·The SQL injection is introduced specifically through the user field in mysql/mysql-auth.pl; any deployment using MySQL-backed authentication via mod_authnz_external ≤ 3.2.5 is affected. ↗
CVSS provenance
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv7.5HIGH
vulncheck7.5HIGH
vendor_debian7.5MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-9gr7-x6r9-35vw: SQL injection vulnerability in mysql/mysql-auth
ghsa_unreviewed·2022-05-13
CVE-2011-2688 [HIGH] CWE-89 GHSA-9gr7-x6r9-35vw: SQL injection vulnerability in mysql/mysql-auth
SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
OSV
CVE-2011-2688: SQL injection vulnerability in mysql/mysql-auth
osv·2011-07-28·CVSS 7.5
CVE-2011-2688 [HIGH] CVE-2011-2688: SQL injection vulnerability in mysql/mysql-auth
SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
VulnCheck
mod_authnz_external_project mod_authnz_external Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
vulncheck·2011·CVSS 7.5
CVE-2011-2688 [HIGH] mod_authnz_external_project mod_authnz_external Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
mod_authnz_external_project mod_authnz_external Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
Affected: mod_authnz_external_project mod_authnz_external
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.cyfirma.com/research/finstealer/; https://gbhackers.com/finstealer-malware-targets-leading-indian-banks-mobile-users/
Debian
CVE-2011-2688: libapache2-mod-authnz-external - SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external mo...
vendor_debian·2011·CVSS 7.5
CVE-2011-2688 [HIGH] CVE-2011-2688: libapache2-mod-authnz-external - SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external mo...
SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
Scope: local
bookworm: resolved (fixed in 3.2.4-2.1)
bullseye: resolved (fixed in 3.2.4-2.1)
forky: resolved (fixed in 3.2.4-2.1)
sid: resolved (fixed in 3.2.4-2.1)
trixie: resolved (fixed in 3.2.4-2.1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://anders.fix.no/software/#unixhttp://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633637http://code.google.com/p/mod-auth-external/issues/detail?id=5http://secunia.com/advisories/45240http://www.debian.org/security/2011/dsa-2279http://www.openwall.com/lists/oss-security/2011/07/12/10http://www.openwall.com/lists/oss-security/2011/07/12/17http://www.securityfocus.com/bid/48653https://exchange.xforce.ibmcloud.com/vulnerabilities/68799http://anders.fix.no/software/#unixhttp://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633637http://code.google.com/p/mod-auth-external/issues/detail?id=5http://secunia.com/advisories/45240http://www.debian.org/security/2011/dsa-2279http://www.openwall.com/lists/oss-security/2011/07/12/10http://www.openwall.com/lists/oss-security/2011/07/12/17http://www.securityfocus.com/bid/48653https://exchange.xforce.ibmcloud.com/vulnerabilities/68799
2011-07-28
Published
Exploited in the wild