IBM Informix Web DataBlade 4.12 unescapes user input even if an application has escaped it, which could allow remote attackers to execute SQL code in a web form even when the developer has attempted to escape it.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Informix_web_datablade | Ibm | 4.10 (including) | 4.10 (including) |
| Informix_web_datablade | Ibm | 4.11 (including) | 4.11 (including) |
| Informix_web_datablade | Ibm | 4.12 (including) | 4.12 (including) |
| Informix_web_datablade | Ibm | 4.13 (including) | 4.13 (including) |
References
- http://archives.neohapsis.com/archives/bugtraq/2002-04/0137.html
- http://www.iss.net/security_center/static/8827.php
- http://www.securityfocus.com/bid/4498
- http://archives.neohapsis.com/archives/bugtraq/2002-04/0137.html
- http://www.iss.net/security_center/static/8827.php
- http://www.securityfocus.com/bid/4498