CVE-2014-100019
The vulnerability is in the Pomm library’s LTree converter, where SQL injection is possible in versions before 1.1.5. An attacker could remotely execute arbitrary SQL commands due to lack of escaping for user-supplied strings. Impact and affected components are described in multiple sources (e.g....