[Forgot Password]
Login  Register Subscribe

30481

 
 

423868

 
 

255116

 
 

909

 
 

198683

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2006-0903Date: (C)2006-02-27   (M)2023-12-22


MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms via SQL queries that contain the NULL character, which are not properly handled by the mysql_real_query function. NOTE: this issue was originally reported for the mysql_query function, but the vendor states that since mysql_query expects a null character, this is not an issue for mysql_query.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.6
Exploit Score: 3.9
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1015693
BID-16850
SECUNIA-19034
SECUNIA-19502
SECUNIA-19814
http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0653.html
SECUNIA-20241
SECUNIA-20253
SECUNIA-20333
SECUNIA-20625
SECUNIA-30351
ADV-2006-0752
DSA-1071
DSA-1073
DSA-1079
MDKSA-2006:064
RHSA-2006:0544
RHSA-2007:0083
RHSA-2008:0364
USN-274-1
USN-274-2
http://bugs.mysql.com/bug.php?id=17667
http://rst.void.ru/papers/advisory39.txt
mysql-query-log-bypass-security(24966)
oval:org.mitre.oval:def:9915

CPE    16
cpe:/a:mysql:mysql:5.0.10
cpe:/a:mysql:mysql:4.1.0
cpe:/a:mysql:mysql:4.1.3
cpe:/a:mysql:mysql:5.0.16
...

© SecPod Technologies