MariaDB Server 5.5.x < 5.5.33 / 5.6.x < 5.6.13 SQL Injection

Medium Nessus Network Monitor Plugin ID 9277


The remote database server is affected by multiple SQL Injection attack vectors.


MariaDB is a community-developed fork of the MySQL relational database. The version of MariaDB installed on the remote host is 5.5.x earlier than 5.5.33, or 5.6.x earlier than 5.6.13, and is therefore affected by multiple SQL injection vulnerabilities. User-supplied identifiers are not properly quoted before being written into the binary log. An attacker with a valid account and privileges to modify data could exploit this to modify tables that they should not have access to.


Upgrade to version 5.6.13 or higher. If 5.6.x cannot be obtained, version 5.5.33 is also patched for these vulnerabilities.

Plugin Details

Severity: Medium

ID: 9277

Family: Database

Published: 2016/05/13

Modified: 2016/12/12

Dependencies: 8693

Nessus ID: 64503

Risk Information

Risk Factor: Medium


CVSS v2

Base Score: 6.5

Temporal Score: 5.4

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C


CVSS v3

Base Score: 6.3

Temporal Score: 5.9


Temporal Vector: CVSS3#E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:mariadb:mariadb

Patch Publication Date: 2013/01/15

Vulnerability Publication Date: 2012/12/01

Reference Information

CVE: CVE-2012-4414

BID: 55498