Hughes Technology Mini SQL 2.0.10 through 2.0.12 allows local users to cause a denial of service by creating a very large array in a table, which causes miniSQL to crash when the table is queried.

The w3-msql CGI script provided with Mini SQL allows remote attackers to view restricted directories.