Description
sql/item_xmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 6.0.10 allows remote authenticated users to cause a denial of service (crash) via "an XPath expression employing a scalar expression as a FilterExpr with ExtractValue() or UpdateXML()," which triggers an assertion failure.
Remediation
References
Related Vulnerabilities
Jboss EAP Incorrect Authorization Vulnerability (CVE-2014-0169)
WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2019-17531)
SharePoint Deserialization of Untrusted Data Vulnerability (CVE-2025-30384)
WordPress Plugin YITH WooCommerce Wishlist Security Bypass (2.2.13)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2009-4298)