[Forgot Password]
Login  Register Subscribe

30481

 
 

423868

 
 

255116

 
 

909

 
 

198683

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2006-2753Date: (C)2006-06-01   (M)2023-12-22


SQL injection vulnerability in MySQL 4.1.x before 4.1.20 and 5.0.x before 5.0.22 allows context-dependent attackers to execute arbitrary SQL commands via crafted multibyte encodings in character sets such as SJIS, BIG5, and GBK, which are not properly handled when the mysql_real_escape function is used to escape the input.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1016216
BID-18219
2006-0034
SECUNIA-20365
SECUNIA-20489
SECUNIA-20531
SECUNIA-20541
SECUNIA-20562
SECUNIA-20625
SECUNIA-20712
SECUNIA-24479
ADV-2006-2105
ADV-2007-0930
APPLE-SA-2007-03-13
DSA-1092
GLSA-200606-13
MDKSA-2006:097
RHSA-2006:0544
TA07-072A
USN-288-3
USN-303-1
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=369735
http://docs.info.apple.com/article.html?artnum=305214
http://lists.mysql.com/announce/364
mysql-ascii-sql-injection(26875)
oval:org.mitre.oval:def:10312

CPE    20
cpe:/a:mysql:mysql:5.0.10
cpe:/a:mysql:mysql:4.1.14
cpe:/a:mysql:mysql:4.1.15
cpe:/a:mysql:mysql:4.1.0
...

© SecPod Technologies