Description

SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement.

Remediation

References

CVE-2015-3414

Related Vulnerabilities

WordPress Plugin WP Statistics Cross-Site Scripting (12.0.5)

WordPress Plugin Contact Form Email Cross-Site Scripting (1.1.49)

Jboss EAP Improper Input Validation Vulnerability (CVE-2020-10693)

Oracle Database Server CVE-2007-3854 Vulnerability (CVE-2007-3854)

WordPress Plugin BackUpWordPress Remote File Inclusion (0.4.2b)

Severity

High

Classification

CVE-2015-3414 CWE-908

Tags

Missing Update Known Vulnerabilities