CVSS2: 6.8 Medium

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |

EPSS: 0.003 Low (Percentile: 71.5%)

SQL injection vulnerability in Quassel IRC before 0.9.1, when Qt 4.8.5 or
later and PostgreSQL 8.2 or later are used, allows remote attackers to
execute arbitrary SQL commands via a \ (backslash) in a message.
Author | Note |
---|---|
jdstrand | Per upstream, "This bug was introduced due to a bugfix in Qt 4.8.5 that disables slash escaping when binding queries: https://bugreports.qt-project.org/browse/QTBUG-30076". Ubuntu 13.04 and earlier do not have Qt 4.8.5. |