SQL injection vulnerability in the Courier Authentication Library (aka courier-authlib) before 0.60.6 on SUSE openSUSE 10.3 and 11.0, and other platforms, when MySQL and a non-Latin character set are used, allows remote attackers to execute arbitrary SQL commands via the username and unspecified other vectors.
Software | From | Fixed in |
---|---|---|
courier-mta / courtier-authlib | 0.52 | 0.52.x |
courier-mta / courtier-authlib | 0.53 | 0.53.x |
courier-mta / courtier-authlib | 0.54 | 0.54.x |
courier-mta / courtier-authlib | 0.55 | 0.55.x |
courier-mta / courtier-authlib | 0.56 | 0.56.x |
courier-mta / courtier-authlib | 0.57 | 0.57.x |
courier-mta / courtier-authlib | 0.58 | 0.58.x |
courier-mta / courtier-authlib | 0.59 | 0.59.x |
courier-mta / courtier-authlib | 0.59.1 | 0.59.1.x |
courier-mta / courtier-authlib | 0.59.2 | 0.59.2.x |
courier-mta / courtier-authlib | 0.59.3 | 0.59.3.x |
courier-mta / courtier-authlib | 0.60 | 0.60.x |
courier-mta / courtier-authlib | 0.60.1 | 0.60.1.x |
courier-mta / courtier-authlib | 0.60.2 | 0.60.2.x |
courier-mta / courtier-authlib | 0.60.3 | 0.60.3.x |
courier-mta / courtier-authlib | 0.60.4 | 0.60.4.x |
courier-mta / courtier-authlib | 0.60.5 | 0.60.5.x |