FreeBSD : codeigniter -- SQL injection vulnerability (b7d785ea-656d-11e5-9909-002590263bf5)
High Nessus Plugin ID 86179
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionThe CodeIgniter changelog reports :
An improvement was made to the MySQL and MySQLi drivers to prevent exposing a potential vector for SQL injection on sites using multi-byte character sets in the database client connection.
An incompatibility in PHP versions < 5.2.3 and MySQL > 5.0.7 with mysql_set_charset() creates a situation where using multi-byte character sets on these environments may potentially expose a SQL injection attack vector. Latin-1, UTF-8, and other 'low ASCII' character sets are unaffected on all environments.
If you are running or considering running a multi-byte character set for your database connection, please pay close attention to the server environment you are deploying on to ensure you are not vulnerable.
SolutionUpdate the affected package.