Description
The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x before 4.0.6, allows remote attackers to gain privileges via a brute force attack using a one-character password, which causes MySQL to only compare the provided password against the first character of the real password.
Remediation
References
Related Vulnerabilities
WordPress Plugin Import all XML, CSV & TXT into WordPress Multiple Vulnerabilities (6.5.7)
PHP Resource Management Errors Vulnerability (CVE-2010-2225)
WordPress Plugin Import all XML, CSV & TXT into WordPress Cross-Site Scripting (3.8.7)
SharePoint CVE-2021-1726 Vulnerability (CVE-2021-1726)
Drupal Core 8.9.x Multiple Security Bypass Vulnerabilities (8.9.0 - 8.9.18)