Description
Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29, and MariaDB 5.1.x through 5.1.62, 5.2.x through 5.2.12, 5.3.x through 5.3.7, and 5.5.x through 5.5.25, allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116, Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.
Remediation
References
Related Vulnerabilities
Liferay DXP Insecure Default Initialization of Resource Vulnerability (CVE-2024-26267)
MySQL CVE-2012-0484 Vulnerability (CVE-2012-0484)
Craft CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-41892)
Internet Information Services Other Vulnerability (CVE-2002-0148)