On 24/10/2011 12:51, Dotan Cohen wrote:
Hi all, new Squirrelmail admin here.

Running the latest Squirrelmail on CentOS 6, my valid users get the
message "Unknown user or password incorrect." when logging in. I see
this in the maillog:


Oct 24 13:36:30 sharingcenterservers dovecot: auth: Error: mysql:
Query failed, retrying: You have an error in your SQL syntax; check
the manual that corresponds to your MySQL server version for the right
syntax to use near '��anotherUser’' at line 1

Hi Dotan, the user might be placing the char ' in their user name.

For example: Garry
becomes: 'Garry'

This is quite serious if this is true, as it means that SM suffers from an SQL injection and your system could be hacked.
This is very unlikely as the SQ team rock.

An SQL error like this is still very serious!

Have you tried to log in to SM with the username/password (I know you said SSH but try SM as well)? If so, do you get the same error?

Also try downloading the source from the website and doing a: diff -ru source/ current/
where source is the downloaded source and current is your current install.
If all is OK there should only be diffs in cache and config settings.

SM Guys, is the SVN repo safe and secure?

Giz
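
A log triage helper for the kind of maillog entry quoted above, added here as an example and not part of the original message or of the SquirrelMail or Dovecot code: it extracts the fragment MySQL reports after "near" and lists the quote-like or non-ASCII characters in it. The log lines, host name and user names are constructed for the example.

```python
import re

# Constructed sample lines shaped like the maillog entry in the thread
# (host "mailhost" and the user names are made up for this example).
PREFIX = "Oct 24 13:36:30 mailhost dovecot: auth: Error: mysql: Query failed, retrying: "
SYNTAX = ("You have an error in your SQL syntax; check the manual that corresponds "
          "to your MySQL server version for the right syntax to use near ")
SAMPLE_LOG = "\n".join([
    PREFIX + SYNTAX + "'\u2018alice\u2019' at line 1",
    "Oct 24 13:37:02 mailhost dovecot: imap-login: Login: user=<bob>, method=PLAIN",
    PREFIX + SYNTAX + "'Garry''' at line 1",
    PREFIX + "Lost connection to MySQL server during query",
])

# Greedy (.*) so quotes inside the reported fragment are kept intact.
NEAR_RE = re.compile(
    r"dovecot: auth: Error: mysql: Query failed.*?syntax to use near '(.*)' at line \d+"
)

SUSPECT = {
    "'": "ASCII single quote",
    '"': "ASCII double quote",
    "\\": "backslash",
    "\u2018": "left typographic quote",
    "\u2019": "right typographic quote",
    "\ufffd": "undecodable byte (U+FFFD)",
}

def classify(fragment):
    """Return labels for characters that can break SQL string quoting."""
    found = []
    for ch in fragment:
        label = SUSPECT.get(ch)
        if label is None and (ord(ch) > 127 or not ch.isprintable()):
            label = "non-ASCII or control character"
        if label and label not in found:
            found.append(label)
    return found

def scan(log_text):
    """Find dovecot auth SQL syntax errors and describe the reported fragment."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = NEAR_RE.search(line)
        if m:
            findings.append({"line": lineno, "fragment": m.group(1),
                             "suspect": classify(m.group(1))})
    return findings

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f["line"], repr(f["fragment"]), f["suspect"])
```

The same kind of fragment can come from a login name typed with quotes or from quote characters in the configured SQL query itself, so the output is a starting point for checking both.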