New assessment for topic: CVE-2025-1094

Topic description: "Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() allows a database input provider to achieve SQL injection in certain usage patterns ..."

"An attacker can inject unexpected UTF-8 characters, such as `\xC0` into a string that is correctly escaped via the PSQL escaping routines, such as `pg_escape_string` ..."

Link: https://attackerkb.com/assessments/74e38297-224a-4205-beb2-c5cef31d2ecf