QwikSec

Security Database

CVE

CWE

Training

CVE-2005-1454

Published: May 19, 2005

Modified: Aug 7, 2024

PUBLISHED

Description

SQL injection vulnerability in the radius_xlat function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via (1) group_membership_query, (2) simul_count_query, or (3) simul_verify_query configuration entries.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

SUSE-SR:2005:014

vendor-advisory

x_refsource_SUSE

vdb-entry

x_refsource_BID

oval:org.mitre.oval:def:9610

vdb-entry

signature

x_refsource_OVAL

vdb-entry

x_refsource_SECTRACK

20050520 ERRATA: [ GLSA 200505-13 ] FreeRADIUS: SQL injection and Denial of Service vulnerability

mailing-list

x_refsource_FULLDISC

http://www.freeradius.org/security.html

x_refsource_CONFIRM

vendor-advisory

x_refsource_GENTOO

vendor-advisory

x_refsource_REDHAT

freeradius-xlat-sql-injection(20449)

vdb-entry

x_refsource_XF

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.