CVE-2005-1824: SQL Injection
First published: Thu Jun 02 2005(Updated: )
The sql_escape_string function in auth/sql.c for the mailutils SQL authentication module does not properly quote the "\" (backslash) character, which is used as an escape character and makes the module vulnerable to SQL injection attacks.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GNU Mailutils | =1.0.6.1.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2005-1824?
CVE-2005-1824 is considered a critical vulnerability due to its potential for SQL injection attacks.
How do I fix CVE-2005-1824?
To fix CVE-2005-1824, update GNU Mailutils to a patched version that properly handles escaping characters.
What software is affected by CVE-2005-1824?
CVE-2005-1824 affects GNU Mailutils version 1.0.6.1.1.
What are the potential risks of CVE-2005-1824?
Exploitation of CVE-2005-1824 could allow an attacker to execute arbitrary SQL commands in the database.
Is CVE-2005-1824 still a concern today?
While CVE-2005-1824 is an older vulnerability, it remains a concern for systems running outdated versions of GNU Mailutils.
- collector/nvd-historical
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/remedy
- agent/weakness
- agent/tags
- agent/severity
- agent/event
- agent/description
- agent/source
- vendor/gnu
- canonical/gnu mailutils
- version/gnu mailutils/1.0.6.1.1