PT-2006-3278 · Postgresql+1 · Postgresql+1
Akio Ishida
+1
·
Published
2006-05-23
·
Updated
2018-10-18
·
CVE-2006-2313
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
PostgreSQL versions prior to 8.1.4
PostgreSQL versions prior to 8.0.8
PostgreSQL versions prior to 7.4.13
PostgreSQL versions prior to 7.3.15
Description
The issue allows context-dependent attackers to bypass SQL injection protection methods in applications via invalid encodings of multibyte characters. An attacker able to submit crafted strings to an application that will embed those strings in SQL commands can use invalidly-encoded multibyte characters to bypass standard string-escaping methods, resulting in possible SQL injection.
Recommendations
For versions prior to 8.1.4, update to version 8.1.4 or later.
For versions prior to 8.0.8, update to version 8.0.8 or later.
For versions prior to 7.4.13, update to version 7.4.13 or later.
For versions prior to 7.3.15, update to version 7.3.15 or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Postgresql
Red Hat