CVSS: 4.6EPSS: 0%CPEs: 133EXPL: 1CVE-2006-0903 – MySQL 5.0.18 - Query Logging Bypass
https://notcve.org/view.php?id=CVE-2006-0903
MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms via SQL queries that contain the NULL character, which are not properly handled by the mysql_real_query function. NOTE: this issue was originally reported for the mysql_query function, but the vendor states that since mysql_query expects a null character, this is not an issue for mysql_query. • https://www.exploit-db.com/exploits/27326 http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0653.html http://bugs.mysql.com/bug.php?id=17667 http://rst.void.ru/papers/advisory39.txt http://secunia.com/advisories/19034 http://secunia.com/advisories/19502 http://secunia.com/advisories/19814 http://secunia.com/advisories/20241 http://secunia.com/advisories/20253 http://secunia.com/advisories/20333 http://secunia.com/advisories/20625 http://secunia.com/advisories& •
CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0CVE-2006-0369
https://notcve.org/view.php?id=CVE-2006-0369
MySQL 5.0.18 allows local users with access to a VIEW to obtain sensitive information via the "SELECT * FROM information_schema.views;" query, which returns the query that created the VIEW. NOTE: this issue has been disputed by third parties, saying that the availability of the schema is a normal and sometimes desired aspect of database access • http://www.securityfocus.com/archive/1/422491/100/0/threaded http://www.securityfocus.com/archive/1/422592/100/0/threaded http://www.securityfocus.com/archive/1/422698/100/0/threaded http://www.securityfocus.com/archive/1/423180/30/7310/threaded http://www.securityfocus.com/archive/1/423204/100/0/threaded http://www.securityfocus.com/archive/1/423228/100/0/threaded http://www.securityfocus.com/archive/1/423432/100/0/threaded • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •