Description
SQL injection vulnerability in MySQL 4.1.x before 4.1.20 and 5.0.x before 5.0.22 allows context-dependent attackers to execute arbitrary SQL commands via crafted multibyte encodings in character sets such as SJIS, BIG5, and GBK, which are not properly handled when the mysql_real_escape function is used to escape the input.
Remediation
References
Related Vulnerabilities
Apache Tomcat Other Vulnerability (CVE-2005-2090)
Internet Information Services Other Vulnerability (CVE-2001-0336)
Oracle Application Server Other Vulnerability (CVE-2001-1372)
WordPress Plugin Gallery by BestWebSoft Cross-Site Scripting (4.2.1)
WordPress Plugin WassUp Real Time Analytics 'spy.php' SQL Injection (1.4.3)