Description
Odyssey passes to server unencrypted bytes from man-in-the-middle.

When Odyssey is configured to use certificate Common Name for client authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption. This is similar to CVE-2021-23214 for PostgreSQL.
Remediation
References