SQL injection vulnerability in the libpam-pgsql library before 0.5.2 allows attackers to execute arbitrary SQL statements.
Threat-Mapped Scoring
Score: 0.0
Priority: Unclassified
EPSS
Score: 0.00563
Percentile: 0.67365
CVSS Scoring
CVSS v2 Score: 7.5
Severity:
Mapped CWE(s)
- CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
All CAPEC(s)
- CAPEC-108: Command Line Execution through SQL Injection
- CAPEC-109: Object Relational Mapping Injection
- CAPEC-110: SQL Injection through SOAP Parameter Tampering
- CAPEC-470: Expanding Control over the Operating System from the Database
- CAPEC-66: SQL Injection
- CAPEC-7: Blind SQL Injection
CAPEC(s) with Mapped TTPs
Mapped ATT&CK TTPs
Affected Products
- cpe:2.3:a:pam-pgsql:pam-pgsql:*:*:*:*:*:*:*:*