On 24/10/2011 12:51, Dotan Cohen wrote:
Hi Dontan, the user might be placing the char ' in their user name.
Hi all, new Squirrelmail admin here.
Running the latest Squirrelmail on CentOS 6, my valid users get the
message "Unknown user or password incorrect." when logging in. I see
this in the maillog:
Oct 24 13:36:30 sharingcenterservers dovecot: auth: Error: mysql:
Query failed, retrying: You have an error in your SQL syntax; check
the manual that corresponds to your MySQL server version for the right
syntax to use near '��anotherUser’' at line 1
For example: Garry
This is quite serious if this is true as it means that SM suffers
from and SQL Injection and your system could be hacked.
This is very unlikely as the SQ team rock..
An SQL error like this is still very serious!
Have you tried to login to SM with the username/password (I know you
said SSH but try SM as well); if so do you get the same error.
Also try downloading the source from the website and doing a: diff
-ru source/ current/
where source is the downloaded Source and current is your current
If all is OK there should only be diffs in cache and config
SM Guys, is the SVN repo safe and secure?