
CVE-2012-4414
Date: (C)2013-01-23   (M)2023-12-22


Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29, and MariaDB 5.1.x through 5.1.62, 5.2.x through 5.2.12, 5.3.x through 5.3.7, and 5.5.x through 5.5.25, allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116, Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 6.5
Exploit Score: 8.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
BID-55498
MDVSA-2013:102
MDVSA-2013:150
http://www.openwall.com/lists/oss-security/2012/09/11/4
http://bugs.mysql.com/bug.php?id=66550
http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/
https://bugzilla.redhat.com/show_bug.cgi?id=852144
https://mariadb.atlassian.net/browse/MDEV-382
openSUSE-SU-2013:0011
openSUSE-SU-2013:0014
openSUSE-SU-2013:0135
openSUSE-SU-2013:0156

CPE    77
cpe:/a:mariadb:mariadb:5.5.23
cpe:/a:mariadb:mariadb:5.1.61
cpe:/a:mariadb:mariadb:5.3.1
cpe:/a:mariadb:mariadb:5.5.22
...
CWE    1
CWE-89
OVAL    5
oval:org.secpod.oval:def:400460
oval:org.secpod.oval:def:400461
oval:org.secpod.oval:def:400468
oval:org.secpod.oval:def:400470
...

© SecPod Technologies