Description
mysql_install_db in MySQL 4.1.x before 4.1.12 and 5.x up to 5.0.4 creates the mysql_install_db.X file with a predictable filename and insecure permissions, which allows local users to execute arbitrary SQL commands by modifying the file's contents.
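The two weaknesses named in the description (a guessable file name and permissive mode) and the usual shell-side countermeasure, as an added example that is not MySQL's own code. The function names, the `install_sql` prefix and `bootstrap.sql` are hypothetical.

```shell
#!/bin/sh
# Added example, not taken from mysql_install_db. Hardened scratch-file
# handling for an install script that writes SQL to a file and later feeds
# that file to a database server.
#
# Weak pattern of the kind the description refers to (contrast only, not run):
#   f=/tmp/install_sql.$$ ; echo "..." > "$f"
#   -> name is guessable, mode depends on the caller's umask, and the
#      redirect follows whatever already exists at that path.

# make_sql_scratch: create an owner-only directory with an unpredictable
# name, create the SQL file inside it, print the file path on stdout.
make_sql_scratch() {
    old_umask=$(umask)
    umask 077                                   # new files are owner-only
    dir=$(mktemp -d "${TMPDIR:-/tmp}/install_sql.XXXXXXXXXX") || {
        umask "$old_umask"; return 1; }
    file="$dir/bootstrap.sql"                   # hypothetical file name
    # noclobber (set -C): the redirect fails if the path already exists
    ( set -C; : > "$file" ) || { umask "$old_umask"; return 1; }
    umask "$old_umask"
    printf '%s\n' "$file"
}

# scratch_is_private: succeed only if the path is a regular file, not a
# symlink, owned by the current user, with no group/other permission bits.
# Call it immediately before the file's contents are executed.
scratch_is_private() {
    [ -f "$1" ] && [ ! -L "$1" ] && [ -O "$1" ] || return 1
    case $(ls -ld -- "$1") in
        -rw-------*|-r--------*) return 0 ;;
        *) return 1 ;;
    esac
}
```
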