Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-0903 — Mysql vulnerability

10 documents6 sources

Severity

4.6MEDIUMNVD

EPSS

0.2%

top 52.46%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Mysql Oracle Mysql

Timeline

PublishedFeb 27

Latest updateMay 1

Description

MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms via SQL queries that contain the NULL character, which are not properly handled by the mysql_real_query function. NOTE: this issue was originally reported for the mysql_query function, but the vendor states that since mysql_query expects a null character, this is not an issue for mysql_query.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages2 packages

▶NVDmysql/mysql16 versions+15

▶NVDoracle/mysql113 versions+112

🔴Vulnerability Details

GHSA

GHSA-4qqq-9pg4-j3vh: MySQL 5↗2022-05-01

▶

💥Exploits & PoCs

Exploit-DB

MySQL 5.0.18 - Query Logging Bypass↗2006-02-27

▶

📋Vendor Advisories

Ubuntu

MySQL vulnerability↗2006-05-15

▶

Ubuntu

MySQL vulnerability↗2006-04-27

▶

Red Hat

Mysql log file obfuscation↗2006-02-20

▶

💬Community

Bugzilla

CVE-2006-0903 Mysql log file obfuscation↗2006-06-14

▶

Bugzilla

CVE-2006-0903 Mysql multiple vulnerabilities (↗2006-04-07

▶

Bugzilla

CVE-2006-0903 Mysql log file obfuscation↗2006-02-27

▶

Bugzilla

CVE-2006-0903 Mysql log file obfuscation↗2006-02-27

▶