Description
Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 does not modify the salt during multiple executions of the change_user command within the same connection which makes it easier for remote authenticated users to conduct brute force password guessing attacks.
Remediation
References
Related Vulnerabilities
WordPress Plugin WooCommerce Unspecified Vulnerability (3.9.1)
SharePoint Out-of-bounds Write Vulnerability (CVE-2018-0792)
WordPress Plugin Drag and Drop Multiple File Upload-Contact Form 7 Arbitrary File Upload (1.3.3.2)
WordPress Plugin SAML SP Single Sign On-SSO login Cross-Site Scripting (4.8.72)