This script is Copyright (C) 2006-2015 Tenable Network Security, Inc.
The remote Gentoo host is missing one or more security-related
The remote host is affected by the vulnerability described in GLSA-200606-13
(MySQL: SQL Injection)
MySQL is vulnerable to an injection flaw in mysql_real_escape() when
used with multi-byte characters.
Due to a flaw in the multi-byte character process, an attacker is still
able to inject arbitary SQL statements into the MySQL server for
There are a few workarounds available: NO_BACKSLASH_ESCAPES mode as a
workaround for a bug in mysql_real_escape_string(): SET
sql_mode='NO_BACKSLASH_ESCAPES'; SET GLOBAL
sql_mode='NO_BACKSLASH_ESCAPES'; and server command line options:
See also :
All MySQL users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-db/mysql-4.1.20'
Risk factor :
High / CVSS Base Score : 7.5