Description
Odyssey passes to server unencrypted bytes from man-in-the-middle.

When Odyssey is configured to use the certificate Common Name for client authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption. This is similar to CVE-2021-23214 for PostgreSQL.
Remediation
References
Related Vulnerabilities
WordPress 'wp-register.php' Multiple Cross-Site Scripting Vulnerabilities (2.0 - 2.0.1)
Joomla Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-15700)
Nexus Repository Manager Server-Side Request Forgery (SSRF) Vulnerability (CVE-2021-43293)
Joomla! Core 3.x.x Security Bypass (3.0.0 - 3.9.23)
XWiki Improper Encoding or Escaping of Output Vulnerability (CVE-2023-26472)