Description

MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the "SELECT * INFO OUTFILE" operator to overwrite a configuration file and cause mysql to run as root upon restart, as demonstrated by modifying my.cnf.

Remediation

References

CVE-2003-0150

Related Vulnerabilities

WordPress Plugin Contact Form 7 Arbitrary File Upload (3.5.2)

WordPress Plugin Interactive Geo Maps Cross-Site Scripting (1.5.8)

Atlassian Confluence Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-18083)

MySQL CVE-2022-21425 Vulnerability (CVE-2022-21425)

CubeCart Session Fixation Vulnerability (CVE-2021-33394)

Severity

Critical

Classification

CVE-2003-0150

Tags

Missing Update Known Vulnerabilities