Description

MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the "SELECT * INFO OUTFILE" operator to overwrite a configuration file and cause mysql to run as root upon restart, as demonstrated by modifying my.cnf.

Remediation

References

CVE-2003-0150

Related Vulnerabilities

WordPress Plugin JH 404 Logger Cross-Site Scripting (1.1)

WordPress Plugin Slider by 10Web-Responsive Image Slider Unspecified Vulnerability (1.1.9)

Jenkins Improper Input Validation Vulnerability (CVE-2012-6072)

TYPO3 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-4901)

Jenkins CVE-2023-43498 Vulnerability (CVE-2023-43498)

Severity

Critical

Classification

CVE-2003-0150

Tags

Missing Update Known Vulnerabilities