- Description
- Format string vulnerability in the my_xlog function in lib.c for Oops! Proxy Server 1.5.23 and earlier, as called by the auth functions in the passwd_mysql and passwd_pgsql modules, may allow attackers to execute arbitrary code via a URL.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:N/I:P/A:N
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:igor_khasilev:oops_proxy_server:1.4.22:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "54A3BBF8-DC08-42C7-B6A0-F2605EF3972E"
},
{
"criteria": "cpe:2.3:a:igor_khasilev:oops_proxy_server:1.5.19:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5D13924C-4A28-483E-B6B7-B20BD4F901B9"
},
{
"criteria": "cpe:2.3:a:igor_khasilev:oops_proxy_server:1.5.53:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "37AB0FA3-87FE-449A-9495-C92845D7F835"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "647BA336-5538-4972-9271-383A0EC9378E"
}
],
"operator": "OR"
}
]
}
]