CVE-2009-1208
Severity CVSS v4.0:
Pending analysis
Type:
CWE-89
SQL Injection
Publication date:
01/04/2009
Last modified:
09/04/2025
Description
SQL injection vulnerability in auth2db 0.2.5, and possibly other versions before 0.2.7, uses the addslashes function instead of the mysql_real_escape_string function, which allows remote attackers to conduct SQL injection attacks using multibyte character encodings.
Impact
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:auth2db:auth2db:0.1.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:auth2db:auth2db:0.1.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:auth2db:auth2db:0.1.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:auth2db:auth2db:0.1.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:auth2db:auth2db:0.1.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:auth2db:auth2db:0.1.6:*:*:*:*:*:*:* | ||
| cpe:2.3:a:auth2db:auth2db:0.1.7:*:*:*:*:*:*:* | ||
| cpe:2.3:a:auth2db:auth2db:0.1.8:*:*:*:*:*:*:* | ||
| cpe:2.3:a:auth2db:auth2db:0.1.9:*:*:*:*:*:*:* | ||
| cpe:2.3:a:auth2db:auth2db:0.2.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:auth2db:auth2db:0.2.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:auth2db:auth2db:0.2.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:auth2db:auth2db:0.2.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:auth2db:auth2db:0.2.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:auth2db:auth2db:0.2.5:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=521823
- http://secunia.com/advisories/34488
- http://www.auth2db.com.ar/?title=CHANGELOG
- http://www.debian.org/security/2009/dsa-1757
- http://www.securityfocus.com/bid/34287
- https://exchange.xforce.ibmcloud.com/vulnerabilities/49518
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=521823
- http://secunia.com/advisories/34488
- http://www.auth2db.com.ar/?title=CHANGELOG
- http://www.debian.org/security/2009/dsa-1757
- http://www.securityfocus.com/bid/34287
- https://exchange.xforce.ibmcloud.com/vulnerabilities/49518