3 matches found
CVE-2007-6342
SQL injection vulnerability in the David Castro AuthCAS module AuthCAS.pm 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSIONCOOKIENAME session ID in a cookie...
CVE-2007-6342
CVE-2007-6342 affects the Apache::AuthCAS module (AuthCAS.pm) version 0.4 used with the Apache HTTP Server. The root cause is an SQL injection: the session ID obtained from the cookie named by SESSION_COOKIE_NAME is directly interpolated into an SQL query (SELECT last_accessed, uid, pgtiou FROM …...
CVE-2007-6342
SQL injection vulnerability in the David Castro AuthCAS module AuthCAS.pm 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSIONCOOKIENAME session ID in a cookie...