Description

MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to execute arbitrary code by using CREATE FUNCTION to access libc calls, as demonstrated by using strcat, on_exit, and exit.

Remediation

References

CVE-2005-0709

Related Vulnerabilities

Java Unspesificed Vulnerability (CVE-2018-2941)

WordPress Plugin PDF Viewer Cross-Site Scripting (0.1)

WordPress Plugin CM Download Manager Code Injection (2.0.3)

MySQL CVE-2015-0501 Vulnerability (CVE-2015-0501)

Magento Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2021-21016)

Severity

Medium

Classification

CVE-2005-0709 CWE-94

Tags

Missing Update Known Vulnerabilities