2 matches found
mariadb: MariaDB server: SQL injection vulnerability via improper handling of big5 character set with mysql_real_escape_string()
A flaw was found in MariaDB server. An application processing non-validated user input, which then uses mysqlrealescapestring and sends data to the database via text protocol with the big5 character set, is vulnerable to SQL injection. This allows a remote attacker to execute malicious SQL...
php: Integer overflow in mysqli_api.c:mysqli_real_escape_string()
PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service buffer overflow and application crash or possibly have unspecified other impact via a long string because of an Integer overflow in mysqlirealescapestring...