Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

MySQL Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2009-5026)

Description

The executable comment feature in MySQL 5.0.x before 5.0.93 and 5.1.x before 5.1.50, when running in certain slave configurations in which the slave is running a newer version than the master, allows remote attackers to execute arbitrary SQL commands via custom comments.

Remediation

References

Related Vulnerabilities

WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2020-10968)

WordPress Plugin Elementor Website Builder Arbitrary File Upload (3.18.1)

Plone CMS URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2017-1000484)

Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-16809)

WordPress Plugin WordPress File Upload Cross-Site Request Forgery (2.4.1)

Severity

Medium

Classification

CVE-2009-5026 CWE-138

Tags

Missing Update Known Vulnerabilities