Description
Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using EXPLAIN with crafted "SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...)" statements, which triggers a NULL pointer dereference in the Item_singlerow_subselect::store function.
Remediation
References
Related Vulnerabilities
WordPress Plugin Content Grabber Multiple Vulnerabilities (1.0)
Jetty Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2009-5045)
WordPress Plugin Site Reviews Cross-Site Scripting (5.13.0)
Oracle Database Server CVE-2011-2244 Vulnerability (CVE-2011-2244)
Drupal Improper Input Validation Vulnerability (CVE-2012-1589)