CVE-2006-2753

Name: CVE-2006-2753
Description: SQL injection vulnerability in MySQL 4.1.x before 4.1.20 and 5.0.x before 5.0.22 allows context-dependent attackers to execute arbitrary SQL commands via crafted multibyte encodings in character sets such as SJIS, BIG5, and GBK, which are not properly handled when the mysql_real_escape function is used to escape the input.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
References: DSA-1092-1
NVD severity: high (attack range: remote)
Debian Bugs: 369735, 369754

The information below is based on the following data on fixed versions.

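| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| mysql | source | (unstable) | (not affected) | | | |
| mysql-dfsg | source | (unstable) | (not affected) | | | |
| mysql-dfsg-4.1 | source | (unstable) | (unfixed) | medium | | 369754 |
| mysql-dfsg-4.1 | source | sarge | 4.1.11a-4sarge4 | high | DSA-1092-1 | |
| mysql-dfsg-5.0 | source | (unstable) | 5.0.22-1 | medium | | 369735 |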

Notes

- mysql-dfsg <not-affected> (Vulnerable code was introduced in 4.1, see #369741)
- mysql <not-affected> (Vulnerable code was introduced in 4.1, see #369754)
