IBM Informix Web DataBlade 4.12 unescapes user input even if an application has escaped it, which could allow remote attackers to execute SQL code in a web form even when the developer has attempted to escape it.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Informix_web_datablade | Ibm | 4.10 | 4.10 |
Informix_web_datablade | Ibm | 4.11 | 4.11 |
Informix_web_datablade | Ibm | 4.13 | 4.13 |
Informix_web_datablade | Ibm | 4.12 | 4.12 |