CVE-2013-4422 (retired)

Priority
Description
SQL injection vulnerability in Quassel IRC before 0.9.1, when Qt 4.8.5 or
later and PostgreSQL 8.2 or later are used, allows remote attackers to
execute arbitrary SQL commands via a \ (backslash) in a message.
Notes
 jdstrand> per upstream, "This bug was a introduced due to a bugfix in Qt 4.8.5
  disables slash escaping when binding queries:
  https://bugreports.qt-project.org/browse/QTBUG-30076
 jdstrand> Ubuntu 13.04 and earlier do not have Qt 4.8.5
More Information

Updated: 2019-03-26 12:09:51 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)