CVE-2011-0432

Published Mar 14, 2011

Last updated 14 years ago

Overview

Description: Multiple SQL injection vulnerabilities in the get_userinfo method in the MySQLAuthHandler class in DAVServer/mysqlauth.py in PyWebDAV before 0.9.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) user or (2) pw argument. NOTE: some of these details are obtained from third party information.
Source: cve@mitre.org
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-89

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:simon_pamies:pywebdav:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F8D1EF46-79C5-4F74-88C3-33213FF382CB",
            "versionEndIncluding": "0.9.4"
          },
          {
            "criteria": "cpe:2.3:a:simon_pamies:pywebdav:0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6DAFD195-B213-44F2-BCB7-FFEB9D8183A7"
          },
          {
            "criteria": "cpe:2.3:a:simon_pamies:pywebdav:0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5DB397A1-50E5-46B4-BD09-FD713A9F8768"
          },
          {
            "criteria": "cpe:2.3:a:simon_pamies:pywebdav:0.5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2B3DA88A-C2C8-432C-95FF-95B540AFB592"
          },
          {
            "criteria": "cpe:2.3:a:simon_pamies:pywebdav:0.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FEC5B42E-5227-40CE-BAB3-2075A9874C70"
          },
          {
            "criteria": "cpe:2.3:a:simon_pamies:pywebdav:0.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "77BAF8F6-6426-431F-AB64-2E6907743DFC"
          },
          {
            "criteria": "cpe:2.3:a:simon_pamies:pywebdav:0.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6BF6A291-9CEF-49ED-8F0A-B26D7F3C3A67"
          },
          {
            "criteria": "cpe:2.3:a:simon_pamies:pywebdav:0.9.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B8DB2B2B-8B1E-4A19-97B5-B75F49B47E16"
          },
          {
            "criteria": "cpe:2.3:a:simon_pamies:pywebdav:0.9.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D2CD1B29-1AE5-4F73-9622-C7C4D3997199"
          },
          {
            "criteria": "cpe:2.3:a:simon_pamies:pywebdav:0.9.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EF54B674-C328-46B3-877C-568B5A59630A"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References