Candidate: CVE-2011-0432
PublicDate: 2011-03-14 19:55:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0432
Description:
 Multiple SQL injection vulnerabilities in the get_userinfo method in the
 MySQLAuthHandler class in DAVServer/mysqlauth.py in PyWebDAV before 0.9.4.1
 allow remote attackers to execute arbitrary SQL commands via the (1) user
 or (2) pw argument.  NOTE: some of these details are obtained from third
 party information.
Ubuntu-Description: 
Notes: 
Bugs: 
Priority: medium
Discovered-by:
Assigned-to: 
CVSS: 

Patches_pywebdav:
upstream_pywebdav: released (0.9.4-3)
dapper_pywebdav: DNE
hardy_pywebdav: DNE
karmic_pywebdav: ignored (reached end-of-life)
lucid_pywebdav: ignored (reached end-of-life)
maverick_pywebdav: released (0.9.4-1+squeeze1build0.10.10.1)
natty_pywebdav: not-affected (0.9.4-3)
oneiric_pywebdav: not-affected (0.9.4-3)
precise_pywebdav: not-affected (0.9.4-3)
quantal_pywebdav: not-affected (0.9.4-3)
raring_pywebdav: not-affected (0.9.4-3)
saucy_pywebdav: not-affected (0.9.4-3)
devel_pywebdav: not-affected (0.9.4-3)