Description
sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, and 6.0 before 6.0.9-alpha, when the data home directory contains a symlink to a different filesystem, allows remote authenticated users to bypass intended access restrictions by calling CREATE TABLE with a (1) DATA DIRECTORY or (2) INDEX DIRECTORY argument referring to a subdirectory that requires following this symlink.
Remediation
References
Related Vulnerabilities
Jenkins Insufficient Verification of Data Authenticity Vulnerability (CVE-2015-7539)
Python Integer Overflow or Wraparound Vulnerability (CVE-2015-1283)
Magento Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-3458)
MySQL CVE-2018-3133 Vulnerability (CVE-2018-3133)
WordPress Plugin Husker Portfolio Cross-Site Request Forgery (0.3)