IBM Informix Web Datablade SQL Query HTML Decoding Vulnerability

Informix is an enterprise database distributed and maintained by IBM. The Web Datablade Module for Informix SQL dynamically generates HTML content based on Database data. Web Datablade is available for Apache, IIS, and Netscape web servers, and a generic CGI version is provided for alternative servers. It will execute under Windows NT, Linux and many Unix-like systems.

Reportedly, SQL queries executed by Web Datablade decode HTML encoded input. If a developer were to use HTML encoding to sanitize user input, it would be possible to inadvertently create insecure applications.


 

Privacy Statement
Copyright 2010, SecurityFocus