Version 5.0.37 of the widely used open source database includes fixes for bugs and potential vulnerabilities. A single command containing a prepared ORDER-BY statement was sufficient to cause a crash. To crash the system, an attacker would have to be able to pass the command to the database interface directly; however, numerous web applications include vulnerabilities that make this possible, for example through manipulated user entries. Further information on vulnerabilities in web applications can be found in the article Web application security on heise Security.

