Description

sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, and 6.0 before 6.0.9-alpha, when the data home directory contains a symlink to a different filesystem, allows remote authenticated users to bypass intended access restrictions by calling CREATE TABLE with a (1) DATA DIRECTORY or (2) INDEX DIRECTORY argument referring to a subdirectory that requires following this symlink.

Remediation

References

CVE-2008-7247

Related Vulnerabilities

PHP Other Vulnerability (CVE-2007-1396)

PHP Numeric Errors Vulnerability (CVE-2015-7804)

Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability (CVE-2022-23181)

WordPress 3.7.x Cross-Site Request Forgery (3.7 - 3.7.28)

phpMyAdmin 7PK - Security Features Vulnerability (CVE-2016-6628)

Severity

Medium

Classification

CVE-2008-7247 CWE-59

Tags

Missing Update Known Vulnerabilities