Description
When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption.
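One way to check whether a server falls under the configuration described above, as an added example that is not part of the original advisory. It assumes the server is PostgreSQL, where these settings live in pg_hba.conf, and it runs over a constructed sample file; the function names and sample records are illustrative.

```python
import ipaddress
import shlex

RECORD_TYPES = {"local", "host", "hostssl", "hostnossl", "hostgssenc", "hostnogssenc"}
CERT_NOT_REQUIRED = {"0", "no-verify"}  # clientcert values that do not demand a certificate

# Constructed sample input, not taken from any real server.
SAMPLE_HBA = """\
local   all   all                                  peer
hostssl all   all   10.0.0.0/8                     cert
hostssl app   app   192.0.2.10 255.255.255.255     trust clientcert=verify-full
hostssl all   all   0.0.0.0/0                      scram-sha-256
hostssl repl  repl  203.0.113.0/24                 trust clientcert=no-verify
host    all   all   127.0.0.1/32                   trust  # no certificate requirement
"""

def _method_and_options(tokens):
    """Return (method, options) for one tokenised record, or None."""
    if not tokens or tokens[0] not in RECORD_TYPES:
        return None  # blank line, include directive or unknown record type
    idx = 3 if tokens[0] == "local" else 4
    try:  # a bare IP address is followed by a separate netmask column
        if idx == 4:
            ipaddress.ip_address(tokens[3])
            idx = 5
    except (ValueError, IndexError):
        pass  # CIDR, hostname or keyword address: method stays at index 4
    if len(tokens) <= idx:
        return None
    opts = dict(t.split("=", 1) for t in tokens[idx + 1:] if "=" in t)
    return tokens[idx].lower(), opts

def affected_records(hba_text):
    """List (line_number, reason) for records matching the described configuration."""
    findings = []
    for lineno, line in enumerate(hba_text.splitlines(), 1):
        try:
            tokens = shlex.split(line, comments=True)
        except ValueError:
            continue  # unbalanced quotes: leave for manual review
        parsed = _method_and_options(tokens)
        if parsed is None:
            continue
        method, opts = parsed
        if method == "cert":
            findings.append((lineno, "cert authentication"))
        elif method == "trust" and opts.get("clientcert", "0") not in CERT_NOT_REQUIRED:
            findings.append((lineno, "trust with clientcert requirement"))
    return findings
```

Calling `affected_records(SAMPLE_HBA)` reports lines 2 and 3 of the sample; point it at the text of a real pg_hba.conf to list the records that need review.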
Remediation
References