SQL injection vulnerability in authpgsqllib.c in Courier-Authlib before 0.62.0, when a non-Latin locale Postgres database is used, allows remote attackers to execute arbitrary SQL commands via query parameters containing apostrophes.

Threat-Mapped Scoring

Score: 0.0

Priority: Unclassified

EPSS

Score: 0.00605
Percentile: 0.6863

CVSS Scoring

Mapped CWE(s)

• CWE-89 : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

All CAPEC(s)

CAPEC(s) with Mapped TTPs

Mapped ATT&CK TTPs

Affected Products

• cpe:2.3:a:courier-mta:courtier-authlib:0.52:*:*:*:*:*:*:*
• cpe:2.3:a:courier-mta:courtier-authlib:0.53:*:*:*:*:*:*:*
• cpe:2.3:a:courier-mta:courtier-authlib:0.54:*:*:*:*:*:*:*
• cpe:2.3:a:courier-mta:courtier-authlib:0.55:*:*:*:*:*:*:*
• cpe:2.3:a:courier-mta:courtier-authlib:0.56:*:*:*:*:*:*:*
• cpe:2.3:a:courier-mta:courtier-authlib:0.57:*:*:*:*:*:*:*
• cpe:2.3:a:courier-mta:courtier-authlib:0.58:*:*:*:*:*:*:*
• cpe:2.3:a:courier-mta:courtier-authlib:0.59:*:*:*:*:*:*:*
• cpe:2.3:a:courier-mta:courtier-authlib:0.59.1:*:*:*:*:*:*:*
• cpe:2.3:a:courier-mta:courtier-authlib:0.59.2:*:*:*:*:*:*:*
• cpe:2.3:a:courier-mta:courtier-authlib:0.59.3:*:*:*:*:*:*:*
• cpe:2.3:a:courier-mta:courtier-authlib:0.60:*:*:*:*:*:*:*
• cpe:2.3:a:courier-mta:courtier-authlib:0.60.1:*:*:*:*:*:*:*
• cpe:2.3:a:courier-mta:courtier-authlib:0.60.2:*:*:*:*:*:*:*
• cpe:2.3:a:courier-mta:courtier-authlib:0.60.3:*:*:*:*:*:*:*
• cpe:2.3:a:courier-mta:courtier-authlib:0.60.4:*:*:*:*:*:*:*
• cpe:2.3:a:courier-mta:courtier-authlib:0.60.5:*:*:*:*:*:*:*
• cpe:2.3:a:courier-mta:courtier-authlib:0.60.6:*:*:*:*:*:*:*
• cpe:2.3:a:courier-mta:courtier-authlib:0.61.0:*:*:*:*:*:*:*
• cpe:2.3:a:courier-mta:courtier-authlib:0.61.1:*:*:*:*:*:*:*

← Back to Home