Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The sql_escape_string function in auth/sql.c for the mailutils SQL authentication module does not properly quote the "\" (backslash) character, which is used as an escape character and makes the module vulnerable to SQL injection attacks.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
GNU Mailutils 认证模块 SQL注入漏洞
Vulnerability Description
GNU mailutils软件包是一个邮件工具集,包括本地和远程邮箱访问服务。 GNU Mailutils中存在SQL注入漏洞,成功利用这个漏洞的攻击者可以完全控制基础数据库。 如果以mysql或postgres USE标记编译GNU Mailutils 的话,认证模块的sql_escape_string函数就无法正确的转义"\"字符,导致SQL命令注入。
CVSS Information
N/A
Vulnerability Type
N/A