VDB
CVE-2008-2667
CVE-2008-2667
PUBLISHED
CVSS 5.099999904632568 MEDIUM
SQL injection vulnerability in the Courier Authentication Library (aka courier-authlib) before 0.60.6 on SUSE openSUSE 10.3 and 11.0, and other platforms, when MySQL and a non-Latin character set are used, allows remote attackers to execute arbitrary SQL commands via the username and unspecified other vectors.
EPSS 1.58% · 82.0th percentile
Risk Scores
CVSS 2.0
5.099999904632568
EPSS Score
1.58%
82.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | * |
| courier-mta | courtier-authlib | 0.52, 0.53, 0.55 |
Timeline
- Jul 7, 2008 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
References
- [courier-announce] 20080608 courier-authlib 0.60.6 released mailing-list
- 30591 third-party-advisory
- opensuse-unspecified-sql-injection(43628) vdb
- [courier-users] 20080314 Re: [courier-users] [Fwd: Re: authmysql vs apostrophe] mailing-list
- http://bugs.gentoo.org/show_bug.cgi?id=225407 url
- 30967 third-party-advisory
- http://www.courier-mta.org/authlib/changelog.html url
- SUSE-SR:2008:014 vendor-advisory
- GLSA-200809-05 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2008-2667 advisory
- http://www.mail-archive.com/courier-users@lists.sourceforge.net/msg31362.html url