Description
MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the "SELECT * INFO OUTFILE" operator to overwrite a configuration file and cause mysql to run as root upon restart, as demonstrated by modifying my.cnf.
Remediation
References
Related Vulnerabilities
Oracle Database Server CVE-2006-0267 Vulnerability (CVE-2006-0267)
Joomla! Core 3.x.x Security Bypass (3.0.0 - 3.9.24)
IBM WebSEAL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-1476)
Oracle Database Server CVE-2007-3854 Vulnerability (CVE-2007-3854)
WordPress Plugin Photo Gallery by 10Web-Mobile-Friendly Image Gallery Cross-Site Scripting (1.5.68)