By passing a certain parameter to the query, an attacker can execute arbitrary SQL code and obtain sensitive information. Fixed in 5.1.1.
- CVE-2016-1266 - Fixed in 5.1.1.
- CVE-2016-1267 - Fixed in 5.1.1.
- CVE-2016-1268 - Fixed in 5.1.1.
- CVE-2016-1269 - Fixed in 5.1.1.
- CVE-2016-1270 - Fixed in 5.1.1.
2.3.0 - June 19, 2017
Fixed in 2.3.0:
- Fixed an issue where the LDAP plugin could not be configured to require SSL connections
- Fixed an issue where the LDAP plugin failed to sanitize input data when displaying a user name or password in a dialog box
4.1.1
Fixed in 5.1.2
SQL Injection Attack
SQL injection is a type of attack that exploits a programming flaw in which an application takes user input and executes it as SQL code. This allows an attacker to execute arbitrary SQL commands, insert or modify data in the database, or read from or write to any file accessible to the server.
The vulnerability is not limited to web-based applications but can occur in any programme that processes SQL queries.
3.2.3.0
CVE-2018-5636 - Fixed in 5.3.2.2
Timeline
Published on: 09/09/2022 14:15:00 UTC
Last modified on: 09/13/2022 16:58:00 UTC