CVE-2005-1454

Name of the Vulnerable Software and Affected Versions: FreeRADIUS versions 1.0.2 and earlier

Description: The issue allows remote authenticated users to execute arbitrary SQL commands via specific configuration entries, including group membership query, simul count query, or simul verify query. This is due to a SQL injection vulnerability in the radius xlat function within the SQL module.

Recommendations: For FreeRADIUS versions 1.0.2 and earlier, consider restricting access to the SQL module or disabling the radius xlat function as a temporary workaround until a patch is available. Avoid using the group membership query, simul count query, or simul verify query configuration entries in the affected API endpoints until the issue is resolved.