Back to search
CVE-2012-4414
Published: Jan 22, 2013
Modified: Aug 6, 2024
PUBLISHED
Description
Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29, and MariaDB 5.1.x through 5.1.62, 5.2.x through 5.2.12, 5.3.x through 5.3.7, and 5.5.x through 5.5.25, allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116, Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://mariadb.atlassian.net/browse/MDEV-382
x_refsource_CONFIRM
MDVSA-2013:102
vendor-advisory
x_refsource_MANDRIVA
openSUSE-SU-2013:0156
vendor-advisory
x_refsource_SUSE
openSUSE-SU-2013:0135
vendor-advisory
x_refsource_SUSE
openSUSE-SU-2013:0011
vendor-advisory
x_refsource_SUSE
openSUSE-SU-2013:0014
vendor-advisory
x_refsource_SUSE
[oss-security] 20120911 Multiple SQL injections in MySQL/MariaDB
mailing-list
x_refsource_MLIST
https://bugzilla.redhat.com/show_bug.cgi?id=852144
x_refsource_CONFIRM
http://bugs.mysql.com/bug.php?id=66550
x_refsource_MISC
MDVSA-2013:150
vendor-advisory
x_refsource_MANDRIVA
55498
vdb-entry
x_refsource_BID
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now