VDB
CVE-2008-2380
CVE-2008-2380
PUBLISHED
CVSS 5.099999904632568 MEDIUM
SQL injection vulnerability in authpgsqllib.c in Courier-Authlib before 0.62.0, when a non-Latin locale Postgres database is used, allows remote attackers to execute arbitrary SQL commands via query parameters containing apostrophes.
EPSS 0.60% · 70.0th percentile
Risk Scores
CVSS 2.0
5.099999904632568
EPSS Score
0.60%
70.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| courier-mta | courtier-authlib | 0.52, 0.53, 0.54 |
Timeline
- Dec 22, 2008 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- http://secunia.com/advisories/34234 technical
- 33235 third-party-advisory
- 32926 vdb
- courier-library-postgres-sql-injection(47494) vdb
- http://www.courier-mta.org/authlib/changelog.html url
- 50811 vdb
- GLSA-200903-25 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2008-2380 advisory