Description

SQL injection vulnerability in MySQL 4.1.x before 4.1.20 and 5.0.x before 5.0.22 allows context-dependent attackers to execute arbitrary SQL commands via crafted multibyte encodings in character sets such as SJIS, BIG5, and GBK, which are not properly handled when the mysql_real_escape function is used to escape the input.

Remediation

References

CVE-2006-2753

Related Vulnerabilities

Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-1429)

EspoCRM Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2022-38843)

WordPress Plugin Registration Forms-User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction SQL Injection (3.1.1)

Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-18259)

WordPress Plugin Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages Multiple Cross-Site Scripting Vulnerabilities (45.0)

Severity

High

Classification

CVE-2006-2753

Tags

Missing Update Known Vulnerabilities