VYPR
Get started
← All advisories
Unrated severityNVD Advisory· Published Aug 17, 2012· Updated Apr 29, 2026

CVE-2009-5026

CVE-2009-5026

Description

The executable comment feature in MySQL 5.0.x before 5.0.93 and 5.1.x before 5.1.50, when running in certain slave configurations in which the slave is running a newer version than the master, allows remote attackers to execute arbitrary SQL commands via custom comments.

Affected products

85
  • MySQL/MySQL21 versions
    cpe:2.3:a:mysql:mysql:5.0.0:*:*:*:*:*:*:*+ 20 more
    • cpe:2.3:a:mysql:mysql:5.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:mysql:mysql:5.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mysql:mysql:5.0.10:*:*:*:*:*:*:*
    • cpe:2.3:a:mysql:mysql:5.0.15:*:*:*:*:*:*:*
    • cpe:2.3:a:mysql:mysql:5.0.16:*:*:*:*:*:*:*
    • cpe:2.3:a:mysql:mysql:5.0.17:*:*:*:*:*:*:*
    • cpe:2.3:a:mysql:mysql:5.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mysql:mysql:5.0.20:*:*:*:*:*:*:*
    • cpe:2.3:a:mysql:mysql:5.0.24:*:*:*:*:*:*:*
    • cpe:2.3:a:mysql:mysql:5.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mysql:mysql:5.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:mysql:mysql:5.0.45:b:*:*:*:*:*:*
    • cpe:2.3:a:mysql:mysql:5.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:mysql:mysql:5.0.82:*:*:*:*:*:*:*
    • cpe:2.3:a:mysql:mysql:5.0.84:*:*:*:*:*:*:*
    • cpe:2.3:a:mysql:mysql:5.0.87:*:*:*:*:*:*:*
    • cpe:2.3:a:mysql:mysql:5.1.23:*:*:*:*:*:*:*
    • cpe:2.3:a:mysql:mysql:5.1.31:*:*:*:*:*:*:*
    • cpe:2.3:a:mysql:mysql:5.1.32:*:*:*:*:*:*:*
    • cpe:2.3:a:mysql:mysql:5.1.34:*:*:*:*:*:*:*
    • cpe:2.3:a:mysql:mysql:5.1.37:*:*:*:*:*:*:*
  • Oracle Corporation/MySQL64 versions
    cpe:2.3:a:oracle:mysql:5.0.23:*:*:*:*:*:*:*+ 63 more
    • cpe:2.3:a:oracle:mysql:5.0.23:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.0.41:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.0.45:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.0.51:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.0.67:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.0.75:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.0.77:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.0.81:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.0.83:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.0.85:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.0.86:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.0.88:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.0.89:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.0.90:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.0.91:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.0.92:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.1.10:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.1.11:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.1.12:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.1.13:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.1.14:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.1.15:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.1.16:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.1.17:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.1.18:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.1.19:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.1.20:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.1.21:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.1.22:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.1.23:a:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.1.24:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.1.25:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.1.26:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.1.27:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.1.28:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.1.29:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.1.30:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.1.31:sp1:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.1.33:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.1.34:sp1:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.1.35:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.1.36:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.1.37:sp1:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.1.38:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.1.39:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.1.40:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.1.40:sp1:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.1.41:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.1.42:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.1.43:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.1.43:sp1:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.1.44:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.1.45:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.1.46:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.1.46:sp1:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.1.47:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.1.48:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.1.49:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.1.49:sp1:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

7

News mentions

0

No linked articles in our index yet.