Description

Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29, and MariaDB 5.1.x through 5.1.62, 5.2.x through 5.2.12, 5.3.x through 5.3.7, and 5.5.x through 5.5.25, allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116, Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.

Remediation

References

CVE-2012-4414

Related Vulnerabilities

MySQL CVE-2022-21600 Vulnerability (CVE-2022-21600)

phpMyAdmin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-6300)

WordPress Plugin Software License Manager Cross-Site Scripting (4.4.9)

WordPress Plugin Share Possible Remote Code Execution (1.0)

Atlassian Jira Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-5319)

Severity

Medium

Classification

CVE-2012-4414 CWE-138

Tags

Missing Update Known Vulnerabilities