CVE-2006-2753 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2006-2753
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-2753

Description: SQL injection vulnerability in MySQL 4.1.x before 4.1.20 and 5.0.x before 5.0.22 allows context-dependent attackers to execute arbitrary SQL commands via crafted multibyte encodings in character sets such as SJIS, BIG5, and GBK, which are not properly handled when the mysql_real_escape function is used to escape the input.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/26875 UBUNTU http://www.ubuntu.com/usn/usn-288-3 http://www.ubuntulinux.org/support/documentation/usn/usn-303-1 TRUSTIX http://www.trustix.org/errata/2006/0034/ ST 1016216 SAID Secunia Advisory: SA20531 Secunia Advisory: SA20541 Secunia Advisory: SA20489 Secunia Advisory: SA20365 Secunia Advisory: SA20562 Secunia Advisory: SA20625 Secunia Advisory: SA20712 Secunia Advisory: SA24479 REDHAT http://www.redhat.com/support/errata/RHSA-2006-0544.html MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2006:097 GENTOO http://www.gentoo.org/security/en/glsa/glsa-200606-13.xml DEBIAN http://www.debian.org/security/2006/dsa-1092 CONFIRM http://docs.info.apple.com/article.html?artnum=305214 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=369735 http://lists.mysql.com/announce/364 CERT http://www.us-cert.gov/cas/techalerts/TA07-072A.html BID 18219 APPLE http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html

Return to the previous page.