Description
The multibyte support in PostgreSQL 6.5.x with SQL_ASCII encoding consumes an extra character when processing a character that cannot be converted, which could remove an escape character from the query and make the application subject to SQL injection attacks.
Remediation
References
Related Vulnerabilities
WordPress Plugin Access Demo Importer Arbitrary File Upload (1.0.6)
WordPress Plugin Abandoned Cart Recovery for WooCommerce Cross-Site Request Forgery (1.0.4)
Joomla! Core 1.0.x Multiple Vulnerabilities (1.0.0 - 1.0.13)
Jenkins Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-1000504)
WordPress Plugin iFlyChat-WordPress Chat Cross-Site Scripting (4.6.4)