Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
MySQL Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2012-4414 - Vulnerability Database
MySQL

MySQL Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2012-4414

Medium
Reference: CVE-2012-4414
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2012-4414
Title: MySQL Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Overview:

Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29 and MariaDB 5.1.x through 5.1.62 5.2.x through 5.2.12 5.3.x through 5.3.7 and 5.5.x through 5.5.25 allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116 Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.