Japan Vulnerability NotesJVN:51216285JVN#51216285: DBD::mysqlPP vulnerable to SQL injection
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
49.1%
DBD::mysqlPP is a Perl module that provides a client interface for MySQL. DBD::mysqlPP contains a SQL injection vulnerability.
Impact
An attacker may view or alter information stored in the database.
Solution
Do not use DBD::mysqlPP
According to the developer, “DBD::mysqlPP was developed as a joke program and designed for use in private situations or for understanding the MySQL communication protocol. For usages other than these stated, it is recommended to use DBD::mysql which is a library with the same API.”
For more information on DBD::mysql, check the following:
DBD::mysql
<http://search.cpan.org/dist/DBD-mysql/>
Products Affected
- DBD::mysqlPP version 0.04 and earlier
Related
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
49.1%