Mod_auth_mysql Multibyte Encoding SQL Injection
High Nessus Plugin ID 52050
SynopsisThe remote host is running software that is vulnerable to a SQL injection attack.
DescriptionThere is a SQL injection vulnerability in this installation of mod_auth_mysql that may allow an attacker access to restricted areas of a website. Successful attacks have only been demonstrated against sites with AuthMySQLCharacterSet set to big5, gbk, and sjis but other encodings may be affected.
SolutionChange to using a safe multibyte encoding (UTF-8), or patch mod_auth_mysql to use mysql_real_escape_string.