Topic: Error in ADODB OCI8/MSSQL drivers allows SQL injection vulnerability
Severity/Risk: Critical (only servers using Oracle and MS SQL databases)
Versions affected: <1.9.6
Reported by: Sam Moffatt
Issue no.: MDL-19452
Solution: upgrade to latest weekly build or 1.9.6
Workaround: none
Description:
Sam Moffatt discovered a potential problem in the way the ADODB library quotes special characters when the database engine uses Sybase-style quoting.