VYPR
Unrated severityNVD Advisory· Published May 14, 2015· Updated Jun 17, 2026

CVE-2015-3427

CVE-2015-3427

Description

Quassel before 0.12.2 does not properly re-initialize the database session when the PostgreSQL database is restarted, which allows remote attackers to conduct SQL injection attacks via a \ (backslash) in a message. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4422.

Affected products

4
  • Quassel Irc/Quasselinferred3 versions
    <0.12.2+ 2 more
    • (no CPE)range: <0.12.2
    • cpe:2.3:a:quassel-irc:quassel:*:*:*:*:*:*:*:*range: <=0.12.1
    • (no CPE)range: <0.12.2
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.