Description
SQL injection vulnerability in MySQL 4.1.x before 4.1.20 and 5.0.x before 5.0.22 allows context-dependent attackers to execute arbitrary SQL commands via crafted multibyte encodings in character sets such as SJIS, BIG5, and GBK, which are not properly handled when the mysql_real_escape function is used to escape the input.
Remediation
References
Related Vulnerabilities
Oracle Database Server Other Vulnerability (CVE-2001-0831)
Oracle Database Server CVE-2015-2586 Vulnerability (CVE-2015-2586)
WordPress Plugin Photo Gallery by 10Web-Mobile-Friendly Image Gallery Directory Traversal (1.3.33)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-32472)