CVE-2011-2688
published 2011-07-28

Priority: P268 high
CVSS 2.0: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
ITW: VulnCheck KEV (Exploited in the wild)
EPSS: 5.66% (92.0th percentile)

SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.

Affected

5 ranges

Vendor | Product | Version range | Fixed in
debian | debian_linux | |
debian | debian_linux | |
debian | debian_linux | |
debian | libapache2-mod-authnz-external | < libapache2-mod-authnz-external 3.2.4-2.1 (bookworm) | libapache2-mod-authnz-external 3.2.4-2.1 (bookworm)
mod_authnz_external_project | mod_authnz_external | <= 3.2.5 |

Detection & IOCs (extracted from sources)

path: mysql/mysql-auth.pl
  • Monitor HTTP authentication requests to Apache mod_authnz_external for SQL metacharacters (e.g., quotes, comment sequences, UNION/SELECT keywords) injected in the username/user field.
  • Audit installations of mod_authnz_external version 3.2.5 and earlier; the vulnerable script is mysql/mysql-auth.pl and the attack vector is the user field passed to MySQL queries.
  • The vulnerability is fixed in Debian package version 3.2.4-2.1 across all tracked Debian releases (bookworm, bullseye, forky, sid, trixie); ensure the patched package is deployed.
  • The SQL injection is introduced specifically through the user field in mysql/mysql-auth.pl; any deployment using MySQL-backed authentication via mod_authnz_external ≤ 3.2.5 is affected.

CVSS provenance

nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P
osv | 7.5 | HIGH
vulncheck | 7.5 | HIGH
vendor_debian | 7.5 | MEDIUM