CVE-2006-2313

Name of the Vulnerable Software and Affected Versions PostgreSQL versions prior to 8.1.4 PostgreSQL versions prior to 8.0.8 PostgreSQL versions prior to 7.4.13 PostgreSQL versions prior to 7.3.15

Description The issue allows context-dependent attackers to bypass SQL injection protection methods in applications via invalid encodings of multibyte characters. An attacker able to submit crafted strings to an application that will embed those strings in SQL commands can use invalidly-encoded multibyte characters to bypass standard string-escaping methods, resulting in possible SQL injection.

Recommendations For versions prior to 8.1.4, update to version 8.1.4 or later. For versions prior to 8.0.8, update to version 8.0.8 or later. For versions prior to 7.4.13, update to version 7.4.13 or later. For versions prior to 7.3.15, update to version 7.3.15 or later.