Description

SQL injection vulnerability in MySQL 4.1.x before 4.1.20 and 5.0.x before 5.0.22 allows context-dependent attackers to execute arbitrary SQL commands via crafted multibyte encodings in character sets such as SJIS, BIG5, and GBK, which are not properly handled when the mysql_real_escape function is used to escape the input.

Remediation

References

CVE-2006-2753

Related Vulnerabilities

WordPress Plugin Product Catalog for WordPress Unspecified Vulnerability (1.4.5)

WordPress 3.8.x Same Origin Method Execution (SOME) Vulnerability (3.8 - 3.8.13)

osCommerce Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-35212)

Dolibarr Other Vulnerability (CVE-2022-0414)

WordPress Plugin MailPoet Newsletters (Previous) Cross-Site Request Forgery (2.6.10)

Severity

High

Classification

CVE-2006-2753

Tags

Missing Update Known Vulnerabilities