Unrated severityNVD Advisory· Published Feb 27, 2006· Updated Jun 16, 2026
CVE-2006-0903
CVE-2006-0903
Description
MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms via SQL queries that contain the NULL character, which are not properly handled by the mysql_real_query function. NOTE: this issue was originally reported for the mysql_query function, but the vendor states that since mysql_query expects a null character, this is not an issue for mysql_query.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
153cpe:2.3:a:mysql:mysql:4.1.0:*:*:*:*:*:*:*+ 16 more
- cpe:2.3:a:mysql:mysql:4.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mysql:mysql:4.1.10:*:*:*:*:*:*:*
- cpe:2.3:a:mysql:mysql:4.1.12:*:*:*:*:*:*:*
- cpe:2.3:a:mysql:mysql:4.1.13:*:*:*:*:*:*:*
- cpe:2.3:a:mysql:mysql:4.1.14:*:*:*:*:*:*:*
- cpe:2.3:a:mysql:mysql:4.1.15:*:*:*:*:*:*:*
- cpe:2.3:a:mysql:mysql:4.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:mysql:mysql:4.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:mysql:mysql:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mysql:mysql:5.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:mysql:mysql:5.0.15:*:*:*:*:*:*:*
- cpe:2.3:a:mysql:mysql:5.0.16:*:*:*:*:*:*:*
- cpe:2.3:a:mysql:mysql:5.0.17:*:*:*:*:*:*:*
- cpe:2.3:a:mysql:mysql:5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mysql:mysql:5.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mysql:mysql:5.0.5:*:*:*:*:*:*:*
- (no CPE)range: <=5.0.18
cpe:2.3:a:oracle:mysql:3.23:*:*:*:*:*:*:*+ 116 more
- cpe:2.3:a:oracle:mysql:3.23:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.0:alpha:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.10:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.11:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.12:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.13:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.14:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.15:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.16:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.17:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.18:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.19:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.20:beta:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.21:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.22:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.23:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.24:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.25:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.26:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.27:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.28:gamma:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.29:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.30:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.31:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.32:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.33:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.34:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.35:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.36:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.37:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.38:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.39:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.40:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.41:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.42:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.43:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.44:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.45:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.46:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.47:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.48:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.49:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.5:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.50:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.51:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.52:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.53:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.54:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.55:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.56:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.57:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.58:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.59:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.6:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.7:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.8:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.9:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.0.11:gamma:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.0.15:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.0.16:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.0.17:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.0.18:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.0.19:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.0.20:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.0.21:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.0.23:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.0.24:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.0.25:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.0.26:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.0.27:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.0.5a:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.0.7:gamma:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.0.8:gamma:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.0.9:gamma:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.1.0:alpha:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.1.11:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.1.16:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.1.17:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.1.18:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.1.19:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.1.2:alpha:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.1.3:beta:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.1.9:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.0.0:alpha:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.0.18:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.0.3:beta:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.0.9:*:*:*:*:*:*:*
- osv-coords19 versionspkg:rpm/opensuse/mariadb&distro=openSUSE%20Tumbleweedpkg:rpm/suse/lz4&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/lz4&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/lz4&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/mariadb104&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/mariadb104&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/mariadb104&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/mariadb104&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/mariadb104&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/mariadb104&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/mariadb-connector-c&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/mariadb-connector-c&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/mariadb-connector-c&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/python-mysqlclient&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/python-mysqlclient&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/python-mysqlclient&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/python-mysqlclient&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/python-mysqlclient&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/python-mysqlclient&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5
< 10.6.4-2.1+ 18 more
- (no CPE)range: < 10.6.4-2.1
- (no CPE)range: < 1.8.0-3.5.2
- (no CPE)range: < 1.8.0-3.5.2
- (no CPE)range: < 1.8.0-3.5.2
- (no CPE)range: < 10.4.30-150100.3.5.10
- (no CPE)range: < 10.4.30-8.5.46
- (no CPE)range: < 10.4.30-150100.3.5.10
- (no CPE)range: < 10.4.30-8.5.46
- (no CPE)range: < 10.4.30-150100.3.5.10
- (no CPE)range: < 10.4.30-8.5.46
- (no CPE)range: < 3.1.22-2.35.1
- (no CPE)range: < 3.1.22-2.35.1
- (no CPE)range: < 3.1.22-2.35.1
- (no CPE)range: < 1.4.6-150100.3.3.7
- (no CPE)range: < 1.3.14-8.9.2
- (no CPE)range: < 1.4.6-150100.3.3.7
- (no CPE)range: < 1.3.14-8.9.2
- (no CPE)range: < 1.4.6-150100.3.3.7
- (no CPE)range: < 1.3.14-8.9.2
Patches
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
25- secunia.com/advisories/19034nvdVendor Advisory
- archives.neohapsis.com/archives/fulldisclosure/2006-02/0653.htmlnvd
- bugs.mysql.com/bug.phpnvd
- rst.void.ru/papers/advisory39.txtnvd
- secunia.com/advisories/19502nvd
- secunia.com/advisories/19814nvd
- secunia.com/advisories/20241nvd
- secunia.com/advisories/20253nvd
- secunia.com/advisories/20333nvd
- secunia.com/advisories/20625nvd
- secunia.com/advisories/30351nvd
- securitytracker.com/idnvd
- www.debian.org/security/2006/dsa-1071nvd
- www.debian.org/security/2006/dsa-1073nvd
- www.debian.org/security/2006/dsa-1079nvd
- www.mandriva.com/security/advisoriesnvd
- www.redhat.com/support/errata/RHSA-2006-0544.htmlnvd
- www.redhat.com/support/errata/RHSA-2007-0083.htmlnvd
- www.redhat.com/support/errata/RHSA-2008-0364.htmlnvd
- www.securityfocus.com/bid/16850nvd
- www.ubuntu.com/usn/usn-274-2nvd
- www.vupen.com/english/advisories/2006/0752nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/24966nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9915nvd
- usn.ubuntu.com/274-1/nvd
News mentions
0No linked articles in our index yet.