CVE-2017-11509: SQL Injection in Foundation Firebird SQL Server

CWE-89: SQL Injection | 9 documents | 7 sources

Severity: 8.8 HIGH (NVD)
EPSS: 10.9% (top 6.59%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Mar 28
Latest update: May 13

Description

An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5: firebird_foundation/firebird_sql_server 2.5.7, 3.0.2 (+1)
NVD: firebirdsql/firebird 2.5.7, 3.0.2 (+1)

Also affects: Debian Linux 7.0, 8.0, 9.0

Vulnerability Details (3)

GHSA: GHSA-6pp2-h2x8-7cp5: An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2 (2022-05-13)
CVEList: CVE-2017-11509: An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2 (2018-03-28)
OSV: CVE-2017-11509: An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2 (2018-03-28)

Vendor Advisories (2)

Red Hat: firebird: Firebird fbudf Module Authenticated Remote Code Execution (2017-11-21)
Debian: CVE-2017-11509: firebird3.0 - An authenticated remote attacker can execute arbitrary code in Firebird SQL Serv... (2017)

Community (3)

Bugzilla: CVE-2017-11509 firebird: Firebird fbudf Module Authenticated Remote Code Execution [fedora-all] (2018-03-29)
Bugzilla: CVE-2017-11509 firebird: Firebird fbudf Module Authenticated Remote Code Execution (2018-03-29)
Bugzilla: CVE-2017-11509 firebird: Firebird fbudf Module Authenticated Remote Code Execution [epel-all] (2018-03-29)