PyPi: Mysql-Connector-Python

CVE-2024-21272

Safety vulnerability ID: 78798

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Oct 15, 2024 Updated at Aug 18, 2025

Scan your Python projects for vulnerabilities →

Advisory

Affected versions of the mysql-connector-python package are vulnerable to SQL Injection due to improper neutralization of special elements in SQL commands. The connector’s SQL-handling logic in the Connector/Python module fails to sanitize user-controlled input passed to internal SQL execution routines, allowing injection of malicious SQL syntax. An attacker with network access and low privileges can exploit this by crafting input that alters connector-issued queries, potentially enabling takeover of MySQL Connector/Python processes with full confidentiality, integrity, and availability impact.

Affected package

mysql-connector-python

Latest version: 9.4.0

A self-contained Python driver for communicating with MySQL servers, using an API that is compliant with the Python Database API Specification v2.0 (PEP 249).

Affected versions

Fixed versions

Vulnerability changelog

This vulnerability has no description

Resources

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application

Severity Details

CVSS Base Score

HIGH 7.5

CVSS v3 Details

HIGH 7.5

Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality Impact (C): HIGH
Integrity Impact (I): HIGH
Availability Availability (A): HIGH