CVE-2008-4456

EPSS 6.32% · P91 Updated Feb 21, 2026

Public Exploits 1

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2008-4456

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document. NOTE: as of 20081031, the issue has not been fixed in MySQL 5.0.67.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

MySQL命令行客户端HTML注入漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Oracle MySQL是美国甲骨文（Oracle）公司的一套开源的关系数据库管理系统。该数据库系统具有性能高、成本低、可靠性好等特点。 mysql命令行客户端工具没有在输出中引用"&"、"<"、">"、"""等特殊HTML字符，如果远程攻击者拥有向表格写入数据的权限的话，就可以在输出中注入JavaScript等代码。当用户查看恶意数据库项的HTML输出时，就会在浏览器会话中执行注入的脚本代码。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2008-4456

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2008-4456

请登录查看更多情报信息。

http://bugs.mysql.com/bug.php?id=27884x_refsource_CONFIRM
http://www.henlich.de/it-security/mysql-command-line-client-html-injection-vulnerabilityx_refsource_MISC
http://support.apple.com/kb/HT4077x_refsource_CONFIRM
http://securityreason.com/securityalert/4357third-party-advisoryx_refsource_SREASON
http://secunia.com/advisories/36566third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/34907third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/31486vdb-entryx_refsource_BID
http://secunia.com/advisories/32072third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/38517third-party-advisoryx_refsource_SECUNIA
http://ubuntu.com/usn/usn-897-1vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-1397-1vendor-advisoryx_refsource_UBUNTU
http://www.redhat.com/support/errata/RHSA-2010-0110.htmlvendor-advisoryx_refsource_REDHAT
http://www.mandriva.com/security/advisories?name=MDVSA-2009:094vendor-advisoryx_refsource_MANDRIVA
http://www.redhat.com/support/errata/RHSA-2009-1289.htmlvendor-advisoryx_refsource_REDHAT
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.htmlvendor-advisoryx_refsource_APPLE
https://exchange.xforce.ibmcloud.com/vulnerabilities/45590vdb-entryx_refsource_XF
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11456vdb-entrysignaturex_refsource_OVAL
http://www.securityfocus.com/archive/1/496842/100/0/threadedmailing-listx_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/496877/100/0/threadedmailing-listx_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/497158/100/0/threadedmailing-listx_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/497885/100/0/threadedmailing-listx_refsource_BUGTRAQ
http://seclists.org/bugtraq/2008/Oct/0026.htmlmailing-listx_refsource_BUGTRAQ
https://nvd.nist.gov/vuln/detail/CVE-2008-4456

Same Patch Batch · n/a · 2008-10-06 · 15 CVEs total

CVE-2008-4450		apache_friends xampp 'adodb.php' 跨站脚本攻击漏洞
CVE-2008-4451		eset_software system_analyzer_tool 'esiasdrv.sys' 权限许可和访问控制漏洞
CVE-2008-4452		cambridge_computer_corporation vxftpsrv 缓冲区溢出漏洞
CVE-2008-4453		dspicture pro_imaging_sdk 权限许可和访问控制漏洞
CVE-2008-4454		MySQL Quick Admin 'actions.php' 路径遍历漏洞
CVE-2008-4455		EKINdesigns MySQL Quick Admin 'index.php' 路径遍历漏洞
CVE-2008-4447		positive_software h-sphere WebShell 'actions.php' 跨站脚本攻击漏洞
CVE-2008-4448		positive_software h-sphere WebShell 'actions.php' 跨站请求伪造漏洞
CVE-2008-4449		mIRC 'PRIVMSG' 缓冲区溢出漏洞
CVE-2008-4278		VMware产品本地明文口令泄露漏洞
CVE-2008-4279		Vmware 产品本地权限提升及信息泄露漏洞
CVE-2008-4445		Linux Kernel SCTP模块多个安全漏洞
CVE-2008-4446		Nucleus CMS EUC-JP 跨站脚本攻击漏洞
CVE-2008-3872		Adobe Flash Player 权限许可和访问控制问题漏洞

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2008-4456

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2008-4456

Public Exploits 1

I. Basic Information for CVE-2008-4456

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2008-4456

III. Intelligence Information for CVE-2008-4456

Same Patch Batch · n/a · 2008-10-06 · 15 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2008-4456

Leave a comment