Description

The multibyte support in PostgreSQL 6.5.x with SQL_ASCII encoding consumes an extra character when processing a character that cannot be converted, which could remove an escape character from the query and make the application subject to SQL injection attacks.

Remediation

References

CVE-2002-0802

Related Vulnerabilities

Django Improper Input Validation Vulnerability (CVE-2011-4136)

Oracle Database Server CVE-2014-4237 Vulnerability (CVE-2014-4237)

OpenSSL Cryptographic Issues Vulnerability (CVE-2013-6449)

MySQL CVE-2020-14814 Vulnerability (CVE-2020-14814)

TYPO3 Improper Input Validation Vulnerability (CVE-2014-9509)

Severity

High

Classification

CVE-2002-0802

Tags

Missing Update Known Vulnerabilities