The PostgreSQL authentication modules (1) mod_auth_pgsql 0.9.5, and (2) mod_auth_pgsql_sys 0.9.4, allow remote attackers to bypass authentication and execute arbitrary SQL via a SQL injection attack on the user name.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| guiseppe_tanzilli_and_matthias_eckermann | mod_auth_pgsql | 0.9.5 |
| guiseppe_tanzilli_and_matthias_eckermann | mod_auth_pgsql | 0.9.6 |
Multiple format string vulnerabilities in logging functions in mod_auth_pgsql before 2.0.3, when used for user authentication against a PostgreSQL database, allows remote unauthenticated attackers to execute arbitrary code, as demonstrated via the username.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-134,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| guiseppe_tanzilli_and_matthias_eckermann | mod_auth_pgsql | * |
| guiseppe_tanzilli_and_matthias_eckermann | mod_auth_pgsql | 0.9.5 |
| guiseppe_tanzilli_and_matthias_eckermann | mod_auth_pgsql | 0.9.6 |