CVE-2012-4414: SQL Injection in Oracle MySQL

CWE-89: SQL Injection | 5 documents | 4 sources
Severity: 6.5 MEDIUM (NVD)
EPSS: 0.4% (top 36.73%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jan 22
Latest update: May 17

Description

Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29, and MariaDB 5.1.x through 5.1.62, 5.2.x through 5.2.12, 5.3.x through 5.3.7, and 5.5.x through 5.5.25, allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116, Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 8.0 | Impact: 6.4

Affected Packages (2 packages)

NVD | oracle/mysql | 5.5.28 (+35)
NVD | mariadb/mariadb | 39 versions (+38)

🔴 Vulnerability Details (1)

GHSA | GHSA-fq8v-ghvx-jmqh: Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5 | 2022-05-17

📋 Vendor Advisories (1)

Red Hat | mysql: Multiple SQL injection flaws by generation of binlog entries | 2012-09-11

💬 Community (2)

Bugzilla | CVE-2012-4414 mysql: Multiple SQL injection flaws by generation of binlog entries [fedora-all] | 2012-10-05
Bugzilla | CVE-2012-4414 mysql: Multiple SQL injection flaws by generation of binlog entries | 2012-08-27