Description
Odyssey passes to server unencrypted bytes from man-in-the-middle
When Odyssey is configured to use certificate Common Name for client authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption. This is similar to CVE-2021-23214 for PostgreSQL.
Remediation
References