| Topic:
|
Error in ADODB OCI8/MSSQL drivers allows SQL injection vulnerability
|
| Severity/Risk:
|
Critical (only servers using Oracle and MS SQL databases)
|
| Versions affected:
|
<1.9.6
|
| Reported by:
|
Sam Moffatt
|
| Issue no.:
|
MDL-19452
|
| Solution:
|
upgrade to latest weekly build or 1.9.6
|
| Workaround:
|
none
|
Description:
Sam Moffatt discovered a potential problem in the way ADODB library is quoting special characters when the database engine is using Sybase style quoting.
