CVSS: 9.8EPSS: 5%CPEs: 60EXPL: 0CVE-2008-2384 – mod_auth_mysql: character encoding SQL injection flaw
https://notcve.org/view.php?id=CVE-2008-2384
22 Jan 2009 — SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request. Vulnerabilidad de inyección SQL en mod_auth_mysql.c en el módulo mod-auth-mysql (alias libapache2-mod-auth-mysql) para Apache HTTP Server 2.x, permite a ataca... • http://klecker.debian.org/~white/mod-auth-mysql/CVE-2008-2384_mod-auth-mysql.patch • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •