Description

Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29, and MariaDB 5.1.x through 5.1.62, 5.2.x through 5.2.12, 5.3.x through 5.3.7, and 5.5.x through 5.5.25, allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116, Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.

Remediation

References

CVE-2012-4414

Related Vulnerabilities

Ruby Improper Input Validation Vulnerability (CVE-2013-1821)

Oracle Database Server Other Vulnerability (CVE-2005-3437)

WordPress Plugin The Welcomizer 'twiz-index.php' Cross-Site Scripting (1.3.9.4)

WordPress Plugin WP-Lister Lite for Amazon Cross-Site Scripting (2.4.3)

WordPress Plugin WP-Filebase Download Manager Cross-Site Scripting (3.1.02)

Severity

Medium

Classification

CVE-2012-4414 CWE-138

Tags

Missing Update Known Vulnerabilities