• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

PostgreSQL Multibyte Character Encoding SQL Injection Vulnerabilities

PostgreSQL is prone to SQL-injection vulnerabilities. These issues are due to a potential mismatch of multibyte character conversions between PostgreSQL servers and client applications.

A successful exploit could allow an attacker to execute arbitrary SQL statements on affected servers. This may allow the attacker to compromise the targeted computer, access or modify data, or exploit other latent vulnerabilities.

PostgreSQL versions prior to 7.3.15, 7.4.13, 8.0.8, and 8.1.4 are vulnerable to these issues.