Description
sql/item_xmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 6.0.10 allows remote authenticated users to cause a denial of service (crash) via "an XPath expression employing a scalar expression as a FilterExpr with ExtractValue() or UpdateXML()," which triggers an assertion failure.
Remediation
References
Related Vulnerabilities
Jboss EAP Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2014-0248)
WebLogic CVE-2016-3499 Vulnerability (CVE-2016-3499)
WordPress 3.5.1 Multiple Vulnerabilities (2.0 - 3.5.1)
WordPress Plugin GS Portfolio for Envato Cross-Site Scripting (1.3.8)
WordPress Plugin MSMC-Redirect After Comment Multiple Vulnerabilities (2.1.2)