4Yka

Researcher from RST/GHC
#20842 of 53,638
12.1 total CVSS
Vulnerabilities · 2
Medium: 1
High: 1
PT-2006-1947
4.6
2006-02-27
Mysql Server · Mysql Server · CVE-2006-0903
**Name of the Vulnerable Software and Affected Versions** MySQL versions 5.0.18 and earlier

**Description** The issue allows local users to bypass logging mechanisms via SQL queries that contain the NULL character. This is due to improper handling by the `mysql_real_query` function. It is noted that this issue was originally reported for the `mysql_query` function, but the vendor states that since `mysql_query` expects a null character, this is not an issue for `mysql_query`.

**Recommendations** For MySQL versions 5.0.18 and earlier, consider updating to a newer version to mitigate the risk, as the `mysql_real_query` function's improper handling of NULL characters in SQL queries can be exploited to bypass logging mechanisms. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2005-2971
7.5
2005-06-21
Mercuryboard · Mercuryboard · CVE-2005-2028
**Name of the Vulnerable Software and Affected Versions** MercuryBoard versions 1.1.4 and earlier

**Description** The issue allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header in the index.php file.

**Recommendations** For MercuryBoard versions 1.1.4 and earlier, update to a version later than 1.1.4 to resolve the issue.