CVE-2013-4422 — SQL Injection in Quassel

CWE-89 — SQL Injection13 documents5 sources

Severity

7.5HIGHNVD

NVD6.8OSV6.8

EPSS

0.7%

top 28.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Quassel-irc Quassel Debian Quassel Quassel-irc Quassel IRC +1 more

Timeline

PublishedOct 23

Latest updateMay 17

Description

SQL injection vulnerability in Quassel IRC before 0.9.1, when Qt 4.8.5 or later and PostgreSQL 8.2 or later are used, allows remote attackers to execute arbitrary SQL commands via a \ (backslash) in a message.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages4 packages

▶debiandebian/quassel< quassel 0.9.1-1 (bookworm)+1

▶Debianquassel-irc/quassel< 1:0.10.0-2.4+7

▶NVDquassel-irc/quassel0.12.1

▶NVDquassel-irc/quassel_irc0.9.0+20

Also affects: Debian Linux 8.0

🔴Vulnerability Details

GHSA

GHSA-3g99-qh2f-rgmf: Quassel before 0↗2022-05-17

▶

GHSA

GHSA-74wc-8g6w-h6ww: SQL injection vulnerability in Quassel IRC before 0↗2022-05-13

▶

OSV

CVE-2015-3427: Quassel before 0↗2015-05-14

▶

OSV

CVE-2013-4422: SQL injection vulnerability in Quassel IRC before 0↗2013-10-23

▶

📋Vendor Advisories

Debian

CVE-2015-3427: quassel - Quassel before 0.12.2 does not properly re-initialize the database session when ...↗2015

▶

Debian

CVE-2013-4422: quassel - SQL injection vulnerability in Quassel IRC before 0.9.1, when Qt 4.8.5 or later ...↗2013

▶

💬Community

Bugzilla

CVE-2015-3427 quassel: SQL injection flaw (incomplete fix for CVE-2013-4422)↗2015-04-28

▶

Bugzilla

CVE-2015-3427 quassel: SQL injection flaw (incomplete fix for CVE-2013-4422) [epel-6]↗2015-04-28

▶

Bugzilla

CVE-2015-3427 quassel: SQL injection flaw (incomplete fix for CVE-2013-4422) [epel-7]↗2015-04-28

▶

Bugzilla

CVE-2015-3427 quassel: SQL injection flaw (incomplete fix for CVE-2013-4422) [fedora-all]↗2015-04-28

▶

Bugzilla

CVE-2013-4422 quassel: potential SQL injection flaw↗2013-10-09

▶