Description

Manual confirmation is required for this alert.

A character that is encoded in UTF-8 can technically be between one and four bytes in length. MySQL's utf8 charsets only support 3-byte characters. When you insert a string containing a 4-byte character into a utf8 column, the default MySQL behaviour is to truncate the rest of the string after (and including) the occurence of the 4-byte character.

This behaviour can cause various security issues such as "WordPress < 4.1.2 Stored XSS vulnerability" discovered by Cedric Van Bockhaven (consult references for more information about this vulnerability).

It was detected that your application is also truncating utf8 4-byte characters and therefore is potentially affected by this MySQL behaviour. Acunetix cannot fully determine if your application is vulnerable, it only confirmed that strings containing utf8 4-byte characters are truncated while strings containing utf8 3-byte characters are not truncated. This vulnerability must be investigated and confirmed manually.

Remediation

It's recommended to use MySQL's strict mode where possible. Where this is not possible, make sure your application is prepared to handle well utf8 4-byte character truncations.

References

How to support full Unicode in MySQL databases

WordPress < 4.1.2 Stored XSS vulnerability

RFC3629

Related Vulnerabilities

Adobe Experience Manager Misconfiguration

Jenkins Git Plugin missing permission check (CVE-2022-36883)

Error page path disclosure

Hadoop cluster web interface

MovableType remote code execution

Severity

Medium

Classification

CWE-176 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration