Lucene search

K

MitreCVELIST:CVE-2011-0432

HistoryOct 03, 2022 - 4:15 p.m.

CVE-2011-0432

2022-10-0316:15:20

mitre

www.cve.org

cve-2011-0432

mysqlauthhandler

get_userinfo method

sql injection

pywebdav 0.9.4.1

8.2 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.3%

Multiple SQL injection vulnerabilities in the get_userinfo method in the MySQLAuthHandler class in DAVServer/mysqlauth.py in PyWebDAV before 0.9.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) user or (2) pw argument. NOTE: some of these details are obtained from third party information.

References

code.google.com/p/pywebdav/updates/list

lists.fedoraproject.org/pipermail/package-announce/2011-March/055412.html

lists.fedoraproject.org/pipermail/package-announce/2011-March/055413.html

lists.fedoraproject.org/pipermail/package-announce/2011-March/055444.html

pywebdav.googlecode.com/files/PyWebDAV-0.9.4.1.tar.gz

secunia.com/advisories/43571

secunia.com/advisories/43602

secunia.com/advisories/43703

www.debian.org/security/2011/dsa-2177

www.securityfocus.com/bid/46655

www.vupen.com/english/advisories/2011/0553

www.vupen.com/english/advisories/2011/0554

www.vupen.com/english/advisories/2011/0634

bugzilla.redhat.com/show_bug.cgi?id=677718

8.2 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.3%

Related for CVELIST:CVE-2011-0432

nessus4 openvas6 securityvulns2 github1 fedora3 debiancve1 cve1 debian1 ubuntucve1 osv1 prion1 nvd1