Description
MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future.
Remediation
References
Related Vulnerabilities
WordPress Plugin 2Way VideoCalls and Random Chat-HTML5 Webcam Videochat Cross-Site Scripting (4.41)
Atlassian Jira Server-Side Request Forgery (SSRF) Vulnerability (CVE-2018-13404)
WordPress Plugin Wunderbar Basic Cross-Site Scripting (1.1.3)
WordPress Plugin Login or Logout Menu Item Security Bypass (1.1.1)