FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Quassel IRC -- SQL injection vulnerability

Affected packages
quassel < 0.9.1

Details

VuXML ID f969bad7-46fc-11e3-b6ee-00269ee29e57
Discovery 2013-10-07
Entry 2013-11-06

Quassel IRC developers report:

SQL injection vulnerability in Quassel IRC before 0.9.1, when Qt 4.8.5 or later and PostgreSQL 8.2 or later are used, allows remote attackers to execute arbitrary SQL commands via a \ (backslash) in a message.

References

CVE Name CVE-2013-4422