Description
The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x before 4.0.6, allows remote attackers to gain privileges via a brute force attack using a one-character password, which causes MySQL to only compare the provided password against the first character of the real password.
Remediation
References
Related Vulnerabilities
MySQL CVE-2012-0488 Vulnerability (CVE-2012-0488)
TYPO3 Improper Input Validation Vulnerability (CVE-2010-4068)
WordPress Plugin MAC PHOTO GALLERY 'albid' Parameter Arbitrary File Disclosure (2.8)
Play Framework Uncontrolled Recursion Vulnerability (CVE-2020-26883)
PHP Integer Overflow or Wraparound Vulnerability (CVE-2017-5340)