VULHUB ™

An attacker able to submit crafted strings to an application that will embed those strings in SQL commands can use invalidly-encoded multibyte characters to bypass standard string-escaping methods, resulting in possible injection of hostile SQL commands into the database. The attacks covered here work in any multibyte encoding. Affected versions: PostgreSQL 8.1.0-8.1.3, 8.0.0-8.0.7, 7.4.0-7.4.12, 7.3.0-7.3.14

An attacker able to submit crafted strings to an application that will embed those strings in SQL commands can use invalidly-encoded multibyte characters to bypass standard string-escaping methods, resulting in possible injection of hostile SQL commands into the database. The attacks covered here work in any multibyte encoding. Affected versions: PostgreSQL 8.1.0-8.1.3, 8.0.0-8.0.7, 7.4.0-7.4.12, 7.3.0-7.3.14