Intel

AIKIDO-2026-296083

mariadb is vulnerable to SQL Injection

SQL Injection Pre-CVE
Found by Aikido Intel before public disclosure or CVE publication.
Published 3 days ago

81

High Risk

This Affects:

JSmariadb
0.7.0 - 3.2.3
Fixed in 3.2.4
3.3.0 - 3.3.2
Fixed in 3.3.3
3.4.0 - 3.4.5
Fixed in 3.4.6
3.5.1 - 3.5.2
Fixed in 3.5.3
Are you affected? Scan for Free

TL;DR

The connector escapes Buffer query parameters with a byte-wise routine that inserts a backslash before quote and backslash bytes without accounting for multi-byte client charsets. When the connection uses a big5, gbk, sjis, cp932, or gb18030 charset, a crafted multi-byte sequence can absorb the inserted backslash so an attacker-influenced buffer breaks out of the surrounding string literal and injects arbitrary SQL. An attacker who controls the content of a buffer parameter can alter query structure and read or modify data beyond the intended statement. The fix adds charset-aware escaping that keeps valid multi-byte characters intact and escapes lone lead bytes so they cannot combine with following bytes on the wire.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range and connecting with a big5, gbk, sjis, cp932, or gb18030 client charset.

Background info

mariadb is vulnerable to SQL Injection in versions 0.7.0 - 3.2.3, 3.3.0 - 3.3.2, 3.4.0 - 3.4.5 and 3.5.1 - 3.5.2.

How to fix this

Upgrade the mariadb library to the patch version.