First published: Thu May 14 2015(Updated: )
Quassel before 0.12.2 does not properly re-initialize the database session when the PostgreSQL database is restarted, which allows remote attackers to conduct SQL injection attacks via a \ (backslash) in a message. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4422.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Quassel-irc Quassel | <=0.12.1 | |
Debian Debian Linux | =8.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.