CVE-2008-2380

EPSS 0.60%

courier-authlib - sql injection

Published: 12/22/2008Modified: 4/28/2026

Description

SQL injection vulnerability in authpgsqllib.c in Courier-Authlib before 0.62.0, when a non-Latin locale Postgres database is used, allows remote attackers to execute arbitrary SQL commands via query parameters containing apostrophes.

Affected packages (3)

Debian/courier-authlibfrom 0, < 0.61.0-1+lenny1
Debian/courier-authlibfrom 0, < 0.58-4+etch2
Debian/courier-authlibfrom 0, < 0.61.0-1+lenny1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2008-2380