The version of MariaDB installed on the remote host is prior to 5.1.66. It is, therefore, affected by multiple vulnerabilities as referenced in the mariadb-5166-release-notes advisory.

  - Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29, and     MariaDB 5.1.x through 5.1.62, 5.2.x through 5.2.12, 5.3.x through 5.3.7, and 5.5.x through 5.5.25, allow     remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE:
    as of 20130116, Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29     is incomplete. (CVE-2012-4414)

  - Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and     earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via     unknown vectors related to Information Schema. (CVE-2012-3163)

  - Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier and 5.5.23 and earlier allows remote     authenticated users to affect availability, related to GIS Extension. (CVE-2012-0540)

  - Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.22 and earlier, allows remote     authenticated users to affect availability via unknown vectors related to Server Optimizer.
    (CVE-2012-1689)

  - Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.23 and earlier, allows remote     authenticated users to affect availability via unknown vectors related to Server Optimizer.
    (CVE-2012-1734)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

MariaDB 5.1.0 < 5.1.66 Multiple Vulnerabilities

high Nessus Plugin ID 63147

Version 1.16

Version 1.15

Version 1.16 Jun 24, 2025, 7:23 AM CVSS metrics ("CVSSv3 score" set to 8.8) CVSS metrics ("CVSSv3 vector" set to "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H") CVSS metrics ("Cvssv4 score" set to 0.0) CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") CVSSv2 severity (based on None, severity decreased from "High" to "Low") CVSSv3 score source (set to "CVE-2012-4414") Detection (updated detection logic) Plugin categorization ("Agent" set to "all") Plugin categorization ("Plugin type" changed from "remote" to "combined") Plugin metadata Plugin Feed: 202506240723
Version 1.15 Nov 18, 2022, 9:50 PM CVE CVSS metrics CVSSv2 score source (Changed from None to CVE-2012-3163) CVSSv2 severity (Based on CVE-2012-3163 severity increased from Medium to High) Plugin Feed: 202211182150