CVE-2006-2753

Published: 01/06/2006 Updated: 17/12/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

SQL injection vulnerability in MySQL 4.1.x prior to 4.1.20 and 5.0.x prior to 5.0.22 allows context-dependent malicious users to execute arbitrary SQL commands via crafted multibyte encodings in character sets such as SJIS, BIG5, and GBK, which are not properly handled when the mysql_real_escape function is used to escape the input.

Vulnerable Product

mysql mysql 4.1.14

mysql mysql 4.1.15

oracle mysql 4.1.4

oracle mysql 4.1.5

mysql mysql 5.0.10

oracle mysql 5.0.11

oracle mysql 5.0.12

oracle mysql 5.0.19

mysql mysql 5.0.2

oracle mysql 5.0.6

oracle mysql 5.0.7

mysql mysql 4.1.12

mysql mysql 4.1.13

mysql mysql 4.1.2

mysql mysql 4.1.3

mysql mysql 5.0.0

mysql mysql 5.0.1

mysql mysql 4.1.0

oracle mysql 4.1.1

oracle mysql 4.1.16

oracle mysql 4.1.17

oracle mysql 4.1.6

oracle mysql 4.1.7

oracle mysql 5.0.13

oracle mysql 5.0.14

mysql mysql 5.0.20

oracle mysql 5.0.8

oracle mysql 5.0.9

mysql mysql 4.1.10

oracle mysql 4.1.11

oracle mysql 4.1.18

oracle mysql 4.1.19

mysql mysql 5.0.17

oracle mysql 5.0.18

mysql mysql 5.0.4

mysql mysql 5.0.5

mysql mysql 4.1.8

oracle mysql 4.1.9

mysql mysql 5.0.15

mysql mysql 5.0.16

oracle mysql 5.0.21

mysql mysql 5.0.3

Vendor Advisories

An SQL injection vulnerability has been discovered when using less popular multibyte encodings (such as SJIS, or BIG5) which contain valid multibyte characters that end with the byte 0x5c (the representation of the backslash character >>\<< in ASCII) ...
USN-288-1 described a PostgreSQL client vulnerability in the way the >>'<< character is escaped in SQL queries. It was determined that the PostgreSQL backends of Exim, Dovecot, and Postfix used this unsafe escaping method ...
Josh Berkus and Tom Lane discovered that MySQL 4.1, a popular SQL database, incorrectly parses a string escaped with mysql_real_escape() which could lead to SQL injection. This problem does only exist in versions 4.1 and 5.0. The old stable distribution (woody) is not affected by this problem. For the stable distribution (sarge) this problem has be ...