Description

MySQL before 5.0.25 and 5.1 before 5.1.12 evaluates arguments of suid routines in the security context of the routine's definer instead of the routine's caller, which allows remote authenticated users to gain privileges through a routine that has been made available using GRANT EXECUTE.

Remediation

References

CVE-2006-4227

Related Vulnerabilities

MySQL CVE-2022-21337 Vulnerability (CVE-2022-21337)

WordPress Plugin WP Marketplace TimThumb Arbitrary File Upload (1.1.0)

Atlassian Jira Improper Authentication Vulnerability (CVE-2019-8443)

Oracle Database Server CVE-2006-5339 Vulnerability (CVE-2006-5339)

WordPress Plugin SEO Redirection-301 Redirect Manager SQL Injection (8.1)

Severity

Medium

Classification

CVE-2006-4227 CWE-20

Tags

Missing Update Known Vulnerabilities