CVE-2012-4414

Oracle MySQL < 5.5.28 - Authenticated SQL Injection via Replication Binary Log


Description

Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29, and MariaDB 5.1.x through 5.1.62, 5.2.x through 5.2.12, 5.3.x through 5.3.7, and 5.5.x through 5.5.25, allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116, Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.

References (12)

Various Sources (x_refsource_confirm): https://mariadb.atlassian.net/browse/MDEV-382
Vendor Advisory (vendor-advisory, x_refsource_mandriva): http://www.mandriva.com/security/advisories?name=MDVSA-2013:102
Mailing List (mailing-list, x_refsource_mlist): http://www.openwall.com/lists/oss-security/2012/09/11/4
Issue Tracking (x_refsource_confirm): https://bugzilla.redhat.com/show_bug.cgi?id=852144
Various Sources (x_refsource_misc): http://bugs.mysql.com/bug.php?id=66550
Vendor Advisory (vendor-advisory, x_refsource_mandriva): http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/55498

Scores

EPSS 0.0049
EPSS Percentile 65.8%

Details

CWE
CWE-89
Status published
Products (49)
mariadb/mariadb 5.1.41
mariadb/mariadb 5.1.42
mariadb/mariadb 5.1.44
mariadb/mariadb 5.1.47
mariadb/mariadb 5.1.49
mariadb/mariadb 5.1.50
mariadb/mariadb 5.1.51
mariadb/mariadb 5.1.53
mariadb/mariadb 5.1.55
mariadb/mariadb 5.1.60
... and 39 more
Published Jan 22, 2013
Tracked Since Feb 18, 2026