Unrated severityNVD Advisory· Published Jul 28, 2011· Updated Apr 29, 2026
CVE-2011-2688
CVE-2011-2688
Description
SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
Affected products
4- cpe:2.3:a:mod_authnz_external_project:mod_authnz_external:*:*:*:*:*:*:*:*Range: <=3.2.5
cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
9- bugs.debian.org/cgi-bin/bugreport.cginvdIssue TrackingPatchThird Party Advisory
- www.openwall.com/lists/oss-security/2011/07/12/10nvdMailing ListPatchThird Party Advisory
- www.openwall.com/lists/oss-security/2011/07/12/17nvdMailing ListPatchThird Party Advisory
- anders.fix.no/software/nvdThird Party Advisory
- code.google.com/p/mod-auth-external/issues/detailnvdThird Party Advisory
- secunia.com/advisories/45240nvdThird Party Advisory
- www.debian.org/security/2011/dsa-2279nvdThird Party Advisory
- www.securityfocus.com/bid/48653nvdThird Party AdvisoryVDB Entry
- exchange.xforce.ibmcloud.com/vulnerabilities/68799nvdThird Party AdvisoryVDB Entry
News mentions
0No linked articles in our index yet.