Back to search
CVE-2015-3427
Published: May 14, 2015
Modified: Aug 6, 2024
PUBLISHED
Description
Quassel before 0.12.2 does not properly re-initialize the database session when the PostgreSQL database is restarted, which allows remote attackers to conduct SQL injection attacks via a \ (backslash) in a message. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4422.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://www.quassel-irc.org/node/127
x_refsource_CONFIRM
DSA-3258
vendor-advisory
x_refsource_DEBIAN
74339
vdb-entry
x_refsource_BID
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now