BIT-mysql-client-2026-44172
See a problem?- Import Source
- https://github.com/bitnami/vulndb/tree/main/data/mysql-client/BIT-mysql-client-2026-44172.json
- JSON Data
- https://api.osv.dev/v1/vulns/BIT-mysql-client-2026-44172
- Aliases
-
- BIT-mariadb-2026-44172
- BIT-mariadb-min-2026-44172
- CVE-2026-44172
- GHSA-pv9p-5w55-55jm
- PYSEC-2026-217
- Published
- 2026-06-16T11:50:09.056Z
- Modified
- 2026-06-17T19:41:04.348078429Z
- Summary
- MariaDB: mysql_real_escape_string() incorrectly handled big5
- Details
-
MariaDB server is a community developed fork of MySQL server. In versions 3.3.18 and 3.4.8, an application that was taking non-validated user input, escaping it with mysqlrealescapestring() and sending it to the database using text protocol and big5 character set was vulnerable to SQL injections, even though mysqlrealescapestring() was supposed to prevent them. This issue has been patched in versions 3.3.19 and 3.4.9.
- Database specific
{ "cpes": [ "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*" ], "severity": "Medium" }- References
Affected packages
Bitnami / mysql-client
Package
- Name
- mysql-client
- Purl
- pkg:bitnami/mysql-client
Severity
- 6.9 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator