IBM Informix Web DataBlade 4.12 unescapes user input even if an application has escaped it, which could allow remote attackers to execute SQL code in a web form even when the developer has attempted to escape it.
http://www.securityfocus.com/bid/4498
http://www.iss.net/security_center/static/8827.php
http://archives.neohapsis.com/archives/bugtraq/2002-04/0137.html