Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2007-2692

Опубликовано: 16 мая 2007
Источник: nvd
CVSS2: 6
EPSS Низкий

Описание

The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:mysql:mysql:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.5.0.21:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.10:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.15:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.16:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.17:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.20:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.22.1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.24:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.1.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.0.0:alpha:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.0.3:beta:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.0.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.0.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.0.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.0.9:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.0.11:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.0.12:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.0.13:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.0.14:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.0.18:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.0.19:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.0.21:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.0.22:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.0.27:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.0.33:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.0.37:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.1.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.1.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.1.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.1.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.1.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.1.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.1.9:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.1.10:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.1.11:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.1.12:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.1.13:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.1.14:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.1.15:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.1.16:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.1.17:*:*:*:*:*:*:*

EPSS

Процентиль: 73%
0.00773
Низкий

6 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

ubuntu логотип

CVE-2007-2692

ubuntu
около 18 лет назад

The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges.

redhat логотип

CVE-2007-2692

redhat
около 18 лет назад

The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges.

debian логотип

CVE-2007-2692

debian
около 18 лет назад

The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x be ...

github логотип

GHSA-p759-pfvw-7vmx

github
больше 3 лет назад

The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges.

oracle-oval логотип

ELSA-2008-0364

oracle-oval
около 17 лет назад

ELSA-2008-0364: mysql security and bug fix update (LOW)

EPSS

Процентиль: 73%
0.00773
Низкий

6 Medium

CVSS2

Дефекты

NVD-CWE-Other