JVN#51216285
DBD::mysqlPP vulnerable to SQL injection
Overview
DBD::mysqlPP contains a SQL injection vulnerability.
Products Affected
- DBD::mysqlPP version 0.04 and earlier
Description
DBD::mysqlPP is a Perl module that provides a client interface for MySQL. DBD::mysqlPP contains a SQL injection vulnerability.
Impact
An attacker may view or alter information stored in the database.
Solution
Do not use DBD::mysqlPP
According to the developer, "DBD::mysqlPP was developed as a joke
program and designed for use in private situations or for understanding
the MySQL communication protocol. For usages other than these stated, it
is recommended to use DBD::mysql which is a library with the same API."
For more information on DBD::mysql, check the following:
DBD::mysql
http://search.cpan.org/dist/DBD-mysql/
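To act on the advice above, the following added example (not part of the advisory or of either module) scans Perl source and CPAN dependency files for uses of DBD::mysqlPP. The sample input is constructed, and the DSN rewrite assumes the remaining DSN attributes are accepted unchanged by DBD::mysql.

```python
import re

# DBI treats the "dbi" scheme case-insensitively and allows "(attrs)" after the
# driver name; the driver name is matched exactly as the module is named.
DSN_RE = re.compile(r"(?i:\bdbi):mysqlPP(?=(?:\([^)]*\))?:)")
MODULE_RE = re.compile(r"\bDBD::mysqlPP\b")

# Constructed sample: Perl code plus a cpanfile-style dependency line.
SAMPLE = '''\
use DBI;
# old: DBI->connect("dbi:mysqlPP:database=test;host=localhost")
my $dbh = DBI->connect("DBI:mysqlPP:database=shop;host=db1", $user, $pass);
my $ok  = DBI->connect("dbi:mysql:database=shop;host=db1", $user, $pass);
requires 'DBD::mysqlPP', '0.04';
'''


def find_mysqlpp_usage(source, filename="<input>"):
    """Return (filename, line_no, kind, text) for each line that uses DBD::mysqlPP."""
    findings = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue  # skip blank lines and full-line Perl comments
        if DSN_RE.search(line):
            findings.append((filename, line_no, "dsn", stripped))
        elif MODULE_RE.search(line):
            findings.append((filename, line_no, "module", stripped))
    return findings


def suggest_dsn(line):
    """Point a mysqlPP DSN at the DBD::mysql driver (assumption: rest of DSN is compatible)."""
    return DSN_RE.sub(lambda m: m.group(0)[:-len("mysqlPP")] + "mysql", line)


if __name__ == "__main__":
    for filename, line_no, kind, text in find_mysqlpp_usage(SAMPLE, "app.pl"):
        print(f"{filename}:{line_no}: [{kind}] {text}")
        if kind == "dsn":
            print(f"    suggested: {suggest_dsn(text)}")
```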
Vendor Status
Vendor | Link |
Hiroyuki Oyama | DBD::mysqlPP |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Toshiharu Sugiyama of UBsecure, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information
JPCERT Alert | |
JPCERT Reports | |
CERT Advisory | |
CPNI Advisory | |
TRnotes | |
CVE | CVE-2011-3989 |
JVN iPedia | JVNDB-2011-000086 |