Описание
The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | released | 5.0.22-0ubuntu6.06.8 |
| devel | released | 5.0.45-1ubuntu2 |
| edgy | released | 5.0.24a-9ubuntu2.4 |
| feisty | released | 5.0.38-0ubuntu1.4 |
| gutsy | released | 5.0.45-1ubuntu2 |
| upstream | released | 5.0.40 |
Показывать по
EPSS
6 Medium
CVSS2
Связанные уязвимости
The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges.
The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges.
The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x be ...
The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges.
EPSS
6 Medium
CVSS2