Description
MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and 5.x before 5.0.1, checks the CREATE/INSERT rights of the original table instead of the target table in an ALTER TABLE RENAME operation, which could allow attackers to conduct unauthorized activities.
Remediation
References
Related Vulnerabilities
WordPress Plugin Query Interface Security Bypass (1.1)
Apache Tomcat Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-0096)
TYPO3 Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-4320)
PHP NULL Pointer Dereference Vulnerability (CVE-2016-10162)
WordPress Plugin Video Gallery /w YouTube, Vimeo Arbitrary File Upload (8.48)