CVE-2005-1824
GNU mailutils - SQL Injection via Improper Backslash Escaping in SQL Authentication Module
The sql_escape_string function in auth/sql.c for the mailutils SQL authentication module does not properly quote the "\" (backslash) character, which is used as an escape character. This makes the module vulnerable to SQL injection attacks.
References (2)
Third Party Advisory (vendor-advisory, x_refsource_gentoo): http://www.gentoo.org/security/en/glsa/glsa-200506-02.xml
Patch, Vendor Advisory (x_refsource_confirm): http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=308031
Scores
EPSS: 0.0102
EPSS Percentile: 77.5%
Details
Status: published
Products (1)
gnu/mailutils
1.0.6.1.1
Published: Jun 02, 2005
Tracked Since: Feb 18, 2026