Description

The executable comment feature in MySQL 5.0.x before 5.0.93 and 5.1.x before 5.1.50, when running in certain slave configurations in which the slave is running a newer version than the master, allows remote attackers to execute arbitrary SQL commands via custom comments.

Remediation

References

CVE-2009-5026

Related Vulnerabilities

WordPress Plugin Art-Picture-Gallery Arbitrary File Upload (1.2.9)

WordPress Plugin WP Maps-Display Google Maps Perfectly with Ease Cross-Site Scripting (4.0.3)

Jenkins Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-1000392)

Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2022-2986)

PHP Improper Preservation of Permissions Vulnerability (CVE-2020-7063)

Severity

Medium

Classification

CVE-2009-5026 CWE-138

Tags

Missing Update Known Vulnerabilities