CVE-2009-1208 Information

Description

SQL injection vulnerability in auth2db 0.2.5 and possibly other versions before 0.2.7 uses the addslashes function instead of the mysql_real_escape_string function which allows remote attackers to conduct SQL injection attacks using multibyte character encodings.

Reference

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=521823 http://secunia.com/advisories/34488 http://www.auth2db.com.ar/?title=CHANGELOG http://www.debian.org/security/2009/dsa-1757 http://www.securityfocus.com/bid/34287 https://exchange.xforce.ibmcloud.com/vulnerabilities/49518