Description

Interaction error in the PostgreSQL JDBC driver before 8.2, when used with a PostgreSQL server with the "standard_conforming_strings" option enabled, such as the default configuration of PostgreSQL 9.1, does not properly escape unspecified JDBC statement parameters, which allows remote attackers to perform SQL injection attacks. NOTE: as of 20120330, it was claimed that the upstream developer planned to dispute this issue, but an official dispute has not been posted as of 20121005.

Remediation

References

CVE-2012-1618

Related Vulnerabilities

WordPress Plugin yolink Search for WordPress 'bulkcrawl.php' SQL Injection (1.1.4)

phpMyAdmin Other Vulnerability (CVE-2006-2031)

WordPress Plugin Hotjar Connecticator Cross-Site Scripting (1.1.1)

WordPress Plugin Role Scoper Cross-Site Scripting (1.3.64)

WordPress Plugin Qwizcards-online quizzes and flashcards Cross-Site Scripting (3.61)

Severity

High

Classification

CVE-2012-1618

Tags

Missing Update Known Vulnerabilities