[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

250770

 
 

909

 
 

196157

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2006-2313Date: (C)2006-05-24   (M)2023-12-22


PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications via invalid encodings of multibyte characters, aka one variant of "Encoding-Based SQL Injection."

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1016142
BID-18092
2006-0032
http://www.securityfocus.com/archive/1/435038/100/0/threaded
http://www.securityfocus.com/archive/1/435161/100/0/threaded
20060602-01-U
SECUNIA-20231
SECUNIA-20232
SECUNIA-20314
SECUNIA-20435
SECUNIA-20451
SECUNIA-20503
SECUNIA-20555
SECUNIA-20653
SECUNIA-20782
SECUNIA-21001
ADV-2006-1941
DSA-1087
GLSA-200607-04
MDKSA-2006:098
RHSA-2006:0526
SUSE-SA:2006:030
USN-288-1
USN-288-2
http://archives.postgresql.org/pgsql-announce/2006-05/msg00010.php
http://support.avaya.com/elmodocs2/security/ASA-2006-113.htm
http://www.postgresql.org/docs/techdocs.50
oval:org.mitre.oval:def:10618
postgresql-multibyte-sql-injection(26627)

CPE    26
cpe:/a:postgresql:postgresql:7.4.10
cpe:/a:postgresql:postgresql:7.4.11
cpe:/a:postgresql:postgresql:7.4.9
cpe:/a:postgresql:postgresql:7.4.8
...

© SecPod Technologies