SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field. References: http://code.google.com/p/mod-auth-external/issues/detail?id=5 http://www.openwall.com/lists/oss-security/2011/07/12/10 http://www.openwall.com/lists/oss-security/2011/07/12/17