codeigniter -- SQL injection vulnerability
The CodeIgniter changelog reports:
An improvement was made to the MySQL and MySQLi drivers to prevent
exposing a potential vector for SQL injection on sites using
multi-byte character sets in the database client connection.
An incompatibility in PHP versions < 5.2.3 and MySQL > 5.0.7
with mysql_set_charset() creates a situation where using multi-byte
character sets on these environments may potentially expose a SQL
injection attack vector. Latin-1, UTF-8, and other "low ASCII"
character sets are unaffected on all environments.
If you are running or considering running a multi-byte character
set for your database connection, please pay close attention to the
server environment you are deploying on to ensure you are not
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright