CVE-2012-4414

Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29, and MariaDB 5.1.x through 5.1.62, 5.2.x through 5.2.12, 5.3.x through 5.3.7, and 5.5.x through 5.5.25, allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116, Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.

Published: Jan 22, 2013
Updated: Nov 9, 2025
CVE: CVE-2012-4414
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
oracle / mysql	5.5.10	5.5.10.x
oracle / mysql	5.1.63	5.1.63.x
oracle / mysql	5.1.52	5.1.52.x
oracle / mysql	5.1.59	5.1.59.x
oracle / mysql	5.5.27	5.5.27.x
oracle / mysql	5.1.51	5.1.51.x
oracle / mysql	5.1.62	5.1.62.x
oracle / mysql	5.1.60	5.1.60.x
oracle / mysql	5.5.19	5.5.19.x
oracle / mysql	5.1.52-sp1	5.1.52-sp1.x
oracle / mysql	5.1.54	5.1.54.x
oracle / mysql	5.1.53	5.1.53.x
oracle / mysql	5.5.17	5.5.17.x
oracle / mysql	5.1.61	5.1.61.x
oracle / mysql	5.1.55	5.1.55.x
oracle / mysql	5.1.57	5.1.57.x
oracle / mysql	5.5.22	5.5.22.x
oracle / mysql	5.5.14	5.5.14.x
oracle / mysql	-	5.5.28.x
oracle / mysql	5.5.16	5.5.16.x
oracle / mysql	5.5.11	5.5.11.x
oracle / mysql	5.1.65	5.1.65.x
oracle / mysql	5.5.21	5.5.21.x
oracle / mysql	5.1.58	5.1.58.x
oracle / mysql	5.5.26	5.5.26.x
oracle / mysql	5.5.20	5.5.20.x
oracle / mysql	5.5.18	5.5.18.x
oracle / mysql	5.5.24	5.5.24.x
oracle / mysql	5.5.25	5.5.25.x
oracle / mysql	5.1.66	5.1.66.x
oracle / mysql	5.5.15	5.5.15.x
oracle / mysql	5.1.64	5.1.64.x
oracle / mysql	5.1.67	5.1.67.x
oracle / mysql	5.1.56	5.1.56.x
oracle / mysql	5.5.13	5.5.13.x
oracle / mysql	5.5.25-a	5.5.25-a.x
oracle / mysql	5.5.12	5.5.12.x
oracle / mysql	5.5.23	5.5.23.x
mariadb / mariadb	5.1.49	5.1.49.x
mariadb / mariadb	5.1.47	5.1.47.x
mariadb / mariadb	5.1.51	5.1.51.x
mariadb / mariadb	5.1.42	5.1.42.x
mariadb / mariadb	5.1.61	5.1.61.x
mariadb / mariadb	5.1.50	5.1.50.x
mariadb / mariadb	5.1.53	5.1.53.x
mariadb / mariadb	5.1.62	5.1.62.x
mariadb / mariadb	5.1.44	5.1.44.x
mariadb / mariadb	5.1.55	5.1.55.x
mariadb / mariadb	5.1.41	5.1.41.x
mariadb / mariadb	5.1.60	5.1.60.x
mariadb / mariadb	5.2.10	5.2.10.x
mariadb / mariadb	5.2.7	5.2.7.x
mariadb / mariadb	5.2.9	5.2.9.x
mariadb / mariadb	5.2.6	5.2.6.x
mariadb / mariadb	5.2.1	5.2.1.x
mariadb / mariadb	5.2.4	5.2.4.x
mariadb / mariadb	5.2.8	5.2.8.x
mariadb / mariadb	5.2.11	5.2.11.x
mariadb / mariadb	5.2.12	5.2.12.x
mariadb / mariadb	5.2.0	5.2.0.x
mariadb / mariadb	5.2.5	5.2.5.x
mariadb / mariadb	5.2.3	5.2.3.x
mariadb / mariadb	5.2.2	5.2.2.x
mariadb / mariadb	5.3.1	5.3.1.x
mariadb / mariadb	5.3.0	5.3.0.x
mariadb / mariadb	5.3.4	5.3.4.x
mariadb / mariadb	5.3.5	5.3.5.x
mariadb / mariadb	5.3.6	5.3.6.x
mariadb / mariadb	5.3.7	5.3.7.x
mariadb / mariadb	5.3.2	5.3.2.x
mariadb / mariadb	5.3.3	5.3.3.x
mariadb / mariadb	5.5.20	5.5.20.x
mariadb / mariadb	5.5.22	5.5.22.x
mariadb / mariadb	5.5.23	5.5.23.x
mariadb / mariadb	5.5.21	5.5.21.x
mariadb / mariadb	5.5.24	5.5.24.x
mariadb / mariadb	5.5.25	5.5.25.x

Vulnerability Database

300,826

CVE-2012-4414

Deep Security Visibility Without the Complexity