DescriptionQuassel before 0.12.2 does not properly re-initialize the database session when the PostgreSQL database is restarted, which allows remote attackers to conduct SQL injection attacks via a \ (backslash) in a message. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4422.
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having moderate severity.
|National Vulnerability Database|
SUSE Security Advisories:
SUSE Timeline for this CVECVE page created: Mon Apr 27 13:12:13 2015
CVE page last modified: Thu Dec 7 13:08:47 2023