Description

Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29, and MariaDB 5.1.x through 5.1.62, 5.2.x through 5.2.12, 5.3.x through 5.3.7, and 5.5.x through 5.5.25, allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116, Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.

Remediation

References

CVE-2012-4414

Related Vulnerabilities

phpMyAdmin Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-12616)

TYPO3 Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2013-4321)

Django Server-Side Request Forgery (SSRF) Vulnerability (CVE-2021-33571)

MySQL CVE-2019-2623 Vulnerability (CVE-2019-2623)

WordPress Plugin WP Simple Booking Calendar SQL Injection (2.0.6)

Severity

Medium

Classification

CVE-2012-4414 CWE-138

Tags

Missing Update Known Vulnerabilities