CVE-2009-5026
Severity CVSS v4.0:
Pending analysis
Type:
CWE-89
SQL Injection
Publication date:
17/08/2012
Last modified:
17/12/2019
Description
The executable comment feature in MySQL 5.0.x before 5.0.93 and 5.1.x before 5.1.50, when running in certain slave configurations in which the slave is running a newer version than the master, allows remote attackers to execute arbitrary SQL commands via custom comments.
Impact
Base Score 2.0
6.80
Severity 2.0
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:mysql:mysql:5.0.0:*:*:*:*:*:*:* | ||
cpe:2.3:a:mysql:mysql:5.0.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:mysql:mysql:5.0.2:*:*:*:*:*:*:* | ||
cpe:2.3:a:mysql:mysql:5.0.3:*:*:*:*:*:*:* | ||
cpe:2.3:a:mysql:mysql:5.0.4:*:*:*:*:*:*:* | ||
cpe:2.3:a:mysql:mysql:5.0.5:*:*:*:*:*:*:* | ||
cpe:2.3:a:mysql:mysql:5.0.10:*:*:*:*:*:*:* | ||
cpe:2.3:a:mysql:mysql:5.0.15:*:*:*:*:*:*:* | ||
cpe:2.3:a:mysql:mysql:5.0.16:*:*:*:*:*:*:* | ||
cpe:2.3:a:mysql:mysql:5.0.17:*:*:*:*:*:*:* | ||
cpe:2.3:a:mysql:mysql:5.0.20:*:*:*:*:*:*:* | ||
cpe:2.3:a:mysql:mysql:5.0.24:*:*:*:*:*:*:* | ||
cpe:2.3:a:mysql:mysql:5.0.45:b:*:*:*:*:*:* | ||
cpe:2.3:a:mysql:mysql:5.0.82:*:*:*:*:*:*:* | ||
cpe:2.3:a:mysql:mysql:5.0.84:*:*:*:*:*:*:* | ||
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://bugs.mysql.com/bug.php?id=49124
- http://dev.mysql.com/doc/refman/5.0/en/news-5-0-93.html
- http://dev.mysql.com/doc/refman/5.1/en/news-5-1-50.html
- http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00007.html
- http://seclists.org/oss-sec/2011/q4/101
- http://secunia.com/advisories/49179
- https://bugzilla.redhat.com/show_bug.cgi?id=640177