Description
MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement.
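A defender's audit for this issue, as an added example that is not part of the original advisory: confirm the server version, then list `SQL SECURITY DEFINER` views together with the global privileges of the account recorded as their definer. It assumes an administrative account that can read `mysql.user` and `information_schema.VIEWS`.

```sql
-- Added audit example (not from the advisory).

-- 1. Compare the running version with the fixed releases named above
--    (5.0.51a, 5.1.23, 6.0.4).
SELECT VERSION() AS server_version;

-- 2. List views that run with their definer's privileges and show what
--    that definer can do globally. Because affected versions left DEFINER
--    unchanged on ALTER VIEW, a view whose body was altered by a
--    lower-privileged user may still carry a privileged definer.
SELECT
    v.TABLE_SCHEMA,
    v.TABLE_NAME,
    v.DEFINER,
    -- NULL in the privilege columns means the definer account
    -- no longer exists in mysql.user (orphaned definer).
    u.Super_priv,
    u.Grant_priv,
    u.File_priv
FROM information_schema.VIEWS AS v
LEFT JOIN mysql.user AS u
       ON v.DEFINER = CONCAT(u.User, '@', u.Host)
WHERE v.SECURITY_TYPE = 'DEFINER'
  AND v.TABLE_SCHEMA NOT IN ('information_schema', 'mysql')
ORDER BY
    (u.User IS NULL) DESC,   -- orphaned definers first
    u.Super_priv DESC,       -- then the most privileged definers
    v.TABLE_SCHEMA,
    v.TABLE_NAME;
```

Views returned with a privileged definer are worth comparing against the accounts that hold `CREATE VIEW` or `ALTER` rights on the same schema.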