Published: 22/01/2013 Updated: 07/11/2023

CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8

VMScore: 578

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly prior to 5.5.29, and MariaDB 5.1.x up to and including 5.1.62, 5.2.x up to and including 5.2.12, 5.3.x up to and including 5.3.7, and 5.5.x up to and including 5.5.25, allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116, Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.

Vulnerable Product	Search on Vulmon	Subscribe to Product
oracle mysql 5.5.10
oracle mysql 5.1.63
oracle mysql 5.1.52
oracle mysql 5.1.59
oracle mysql 5.5.27
oracle mysql 5.1.51
oracle mysql 5.1.62
oracle mysql 5.1.60
oracle mysql 5.5.19
oracle mysql 5.1.54
oracle mysql 5.1.53
oracle mysql 5.5.17
oracle mysql 5.1.61
oracle mysql 5.1.55
oracle mysql 5.1.57
oracle mysql 5.5.22
oracle mysql 5.5.14
oracle mysql
oracle mysql 5.5.16
oracle mysql 5.5.11
oracle mysql 5.1.65
oracle mysql 5.5.21
oracle mysql 5.1.58
oracle mysql 5.5.26
oracle mysql 5.5.20
oracle mysql 5.5.18
oracle mysql 5.5.24
oracle mysql 5.5.25
oracle mysql 5.1.66
oracle mysql 5.5.15
oracle mysql 5.1.64
oracle mysql 5.1.67
oracle mysql 5.1.56
oracle mysql 5.5.13
oracle mysql 5.5.12
oracle mysql 5.5.23
mariadb mariadb 5.1.49
mariadb mariadb 5.1.47
mariadb mariadb 5.1.51
mariadb mariadb 5.1.42
mariadb mariadb 5.1.61
mariadb mariadb 5.1.50
mariadb mariadb 5.1.53
mariadb mariadb 5.1.62
mariadb mariadb 5.1.44
mariadb mariadb 5.1.55
mariadb mariadb 5.1.41
mariadb mariadb 5.1.60
mariadb mariadb 5.2.10
mariadb mariadb 5.2.7
mariadb mariadb 5.2.9
mariadb mariadb 5.2.6
mariadb mariadb 5.2.1
mariadb mariadb 5.2.4
mariadb mariadb 5.2.8
mariadb mariadb 5.2.11
mariadb mariadb 5.2.12
mariadb mariadb 5.2.0
mariadb mariadb 5.2.5
mariadb mariadb 5.2.3
mariadb mariadb 5.2.2
mariadb mariadb 5.3.1
mariadb mariadb 5.3.0
mariadb mariadb 5.3.4
mariadb mariadb 5.3.5
mariadb mariadb 5.3.6
mariadb mariadb 5.3.7
mariadb mariadb 5.3.2
mariadb mariadb 5.3.3
mariadb mariadb 5.5.20
mariadb mariadb 5.5.22
mariadb mariadb 5.5.23
mariadb mariadb 5.5.21
mariadb mariadb 5.5.24
mariadb mariadb 5.5.25

Debian Bug report logs - #690778 mysql-55: New security issues from October Patch Update Package: mysql-55; Maintainer for mysql-55 is Debian MySQL Maintainers <pkg-mysql-maint@listsaliothdebianorg>; Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Wed, 17 Oct 2012 13:36:02 UTC Owned by: nicholas@periaptc ...

Debian Bug report logs - #687484 CVE-2012-4414: SQL injection Package: mysql-51; Maintainer for mysql-51 is (unknown); Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Thu, 13 Sep 2012 08:06:01 UTC Severity: grave Tags: security Found in version 5166-0+squeeze1 Fixed in versions 5172-1, 5529+dfsg-1 Done: He ...

CWE-89 http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/http://www.securityfocus.com/bid/55498 https://bugzilla.redhat.com/show_bug.cgi?id=852144 http://bugs.mysql.com/bug.php?id=66550 http://www.openwall.com/lists/oss-security/2012/09/11/4 https://mariadb.atlassian.net/browse/MDEV-382 http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690778 https://nvd.nist.gov

CVE-2012-4414

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect