
MariaDB Server 5.5.x < 5.5.33 / 5.6.x < 5.6.13 SQL Injection

Medium

Synopsis

The remote database server is affected by multiple SQL Injection attack vectors.

Description

MariaDB is a community-developed fork of the MySQL relational database. The version of MariaDB installed on the remote host is 5.5.x earlier than 5.5.33, or 5.6.x earlier than 5.6.13, and is therefore affected by multiple SQL injection vulnerabilities. User-supplied identifiers are not properly quoted before being written into the binary log. An attacker with a valid account and privileges to modify data could exploit this to modify tables that they should not have access to.

Solution

Upgrade to version 5.6.13 or higher. If 5.6.x cannot be obtained, version 5.5.33 is also patched for these vulnerabilities.
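
To triage an inventory of servers against the ranges above, the following added example (not part of the original advisory or of any scanner's code) classifies version banners. The function names and sample banners are constructed for illustration. It also handles the "5.5.5-" prefix that MariaDB 10.x servers place in front of their real version in the protocol handshake, which a naive comparison would misread as an affected 5.5 release.

```python
import re

# Fixed patch level per affected branch, as stated in the advisory above.
FIXED = {(5, 5): 33, (5, 6): 13}

# MariaDB 10.x handshake banners look like "5.5.5-10.1.20-MariaDB";
# the leading "5.5.5-" is a compatibility prefix, not the real version.
_COMPAT_PREFIX = re.compile(r"^5\.5\.5-(?=\d+\.\d+\.\d+)")
_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(banner):
    """Return (major, minor, patch) from a banner such as '5.5.32-MariaDB-log'."""
    match = _VERSION.search(_COMPAT_PREFIX.sub("", banner.strip()))
    if match is None:
        raise ValueError(f"no x.y.z version found in {banner!r}")
    return tuple(int(part) for part in match.groups())


def assess(banner):
    """Classify a banner as 'vulnerable', 'patched' or 'not-covered'."""
    if "mariadb" not in banner.lower():
        return "not-covered"  # this advisory applies to MariaDB only
    major, minor, patch = parse_version(banner)
    fixed_patch = FIXED.get((major, minor))
    if fixed_patch is None:
        return "not-covered"  # branch not listed in this advisory
    return "vulnerable" if patch < fixed_patch else "patched"


if __name__ == "__main__":
    # Constructed sample banners, e.g. collected with SELECT VERSION()
    # or read from the server greeting.
    samples = [
        "5.5.32-MariaDB-log",
        "5.5.33-MariaDB",
        "5.6.12-MariaDB",
        "5.5.5-10.1.20-MariaDB",
    ]
    for banner in samples:
        print(f"{banner:28} {assess(banner)}")
```

A banner-based result only reflects the reported version string; distribution packages that backport fixes without changing the version need to be checked against the vendor's package changelog.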