Description
Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29, and MariaDB 5.1.x through 5.1.62, 5.2.x through 5.2.12, 5.3.x through 5.3.7, and 5.5.x through 5.5.25, allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116, Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.
Remediation
References
Related Vulnerabilities
WebLogic Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2021-27568)
PostgreSQL Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-1975)
Moodle Improper Access Control Vulnerability (CVE-2016-3733)
WordPress Plugin Spam protection, AntiSpam, FireWall by CleanTalk Cross-Site Scripting (5.136.3)
WordPress Plugin Insert or Embed Articulate Content into WordPress Directory Traversal (4.2999)