Description
MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to execute arbitrary code by using CREATE FUNCTION to access libc calls, as demonstrated by using strcat, on_exit, and exit.
Remediation
References
Related Vulnerabilities
Drupal Improper Input Validation Vulnerability (CVE-2010-2473)
Apache Tomcat CVE-2022-29885 Vulnerability (CVE-2022-29885)
WordPress Plugin MyBB Cross-Poster Cross-Site Scripting (1.0)
Jetty Improper Access Control Vulnerability (CVE-2016-4800)
OpenSSL Improper Authentication Vulnerability (CVE-2009-0591)