7.5

CVE-2006-2753

SQL injection vulnerability in MySQL 4.1.x before 4.1.20 and 5.0.x before 5.0.22 allows context-dependent attackers to execute arbitrary SQL commands via crafted multibyte encodings in character sets such as SJIS, BIG5, and GBK, which are not properly handled when the mysql_real_escape function is used to escape the input.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MysqlMysql Version4.1.0
MysqlMysql Version4.1.2
MysqlMysql Version4.1.3
MysqlMysql Version4.1.8
MysqlMysql Version4.1.10
MysqlMysql Version4.1.12
MysqlMysql Version4.1.13
MysqlMysql Version4.1.14
MysqlMysql Version4.1.15
MysqlMysql Version5.0.0
MysqlMysql Version5.0.1
MysqlMysql Version5.0.2
MysqlMysql Version5.0.3
MysqlMysql Version5.0.4
MysqlMysql Version5.0.5
MysqlMysql Version5.0.10
MysqlMysql Version5.0.15
MysqlMysql Version5.0.16
MysqlMysql Version5.0.17
MysqlMysql Version5.0.20
OracleMysql Version4.1.1
OracleMysql Version4.1.4
OracleMysql Version4.1.5
OracleMysql Version4.1.6
OracleMysql Version4.1.7
OracleMysql Version4.1.9
OracleMysql Version4.1.11
OracleMysql Version4.1.16
OracleMysql Version4.1.17
OracleMysql Version4.1.18
OracleMysql Version4.1.19
OracleMysql Version5.0.6
OracleMysql Version5.0.7
OracleMysql Version5.0.8
OracleMysql Version5.0.9
OracleMysql Version5.0.11
OracleMysql Version5.0.12
OracleMysql Version5.0.13
OracleMysql Version5.0.14
OracleMysql Version5.0.18
OracleMysql Version5.0.19
OracleMysql Version5.0.21
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.54% 0.878
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://docs.info.apple.com/article.html?artnum=305214
http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html
http://secunia.com/advisories/24479
http://www.us-cert.gov/cas/techalerts/TA07-072A.html
US Government Resource
http://www.vupen.com/english/advisories/2007/0930
http://secunia.com/advisories/20625
http://www.redhat.com/support/errata/RHSA-2006-0544.html
http://secunia.com/advisories/20531
http://www.trustix.org/errata/2006/0034/
http://www.ubuntu.com/usn/usn-288-3
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=369735
http://lists.mysql.com/announce/364
Patch
http://secunia.com/advisories/20365
http://secunia.com/advisories/20489
http://secunia.com/advisories/20541
http://secunia.com/advisories/20562
http://secunia.com/advisories/20712
http://securitytracker.com/id?1016216
http://www.debian.org/security/2006/dsa-1092
http://www.gentoo.org/security/en/glsa/glsa-200606-13.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:097
http://www.securityfocus.com/bid/18219
http://www.vupen.com/english/advisories/2006/2105
https://exchange.xforce.ibmcloud.com/vulnerabilities/26875
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10312
https://usn.ubuntu.com/303-1/