4 matches found
mod_accounting Module 0.5 - Blind SQL Injection
No description provided by source. - Affected Vendor: http://sourceforge.net/projects/mod-acct/files/ - Affected Software: modaccounting - Affected Version: 0.5. Other earlier versions may be affected. - Issue type: Blind SQL injection - Release Date: 20 Sep 2013 - Discovered by: Eldar Wireghoul...
Apache 'mod_accounting'模块SQL注入漏洞(CVE-2013-5697)
BUGTRAQ ID: 62677 CVE ID: CVE-2013-5697 modaccounting是Apache 1.3.x上的流量计费模块,该模块使用数据记录流量,支持的数据库类型包括MySQL及PostgreSQL。 modaccounting 0.5模块在Host报文头中存在SQL注入漏洞,攻击者可利用此漏洞破坏应用,执行未授权数据库操作。该漏洞源于用户提供的HTTP报文头未经过滤即用在查询内。该模块使用了简单的字符串串联来修改已定义查询内的占位符,然后再发送到数据库内。该代码位于modaccounting.c内。 0 modaccounting 0.5 临时解决方法:...
CVE-2013-5697
SQL injection vulnerability in modaccounting.c in the modaccounting module 0.5 and earlier for Apache allows remote attackers to execute arbitrary SQL commands via a Host header...
mod_accounting 0.5 Blind SQL Injection
Affected Vendor: http://sourceforge.net/projects/mod-acct/files/ - Affected Software: modaccounting - Affected Version: 0.5. Other earlier versions may be affected. - Issue type: Blind SQL injection - Release Date: 20 Sep 2013 - Discovered by: Eldar "Wireghoul" Marcussen - CVE Identifier:...