SQL injection vulnerability in Quassel IRC before 0.9.1, when Qt 4.8.5 or later and PostgreSQL 8.2 or later are used, allows remote attackers to execute arbitrary SQL commands via a \ (backslash) in a message.
Gentoo Linux Security Advisory 201311-3 - Two vulnerabilities in Quassel may result in Denial of Service or SQL injection. Versions less than 0.9.1 are affected.