Description

MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future.

Remediation

References

CVE-2008-2079

Related Vulnerabilities

Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41184)

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-2571)

WordPress Plugin College publisher Import Arbitrary File Upload (0.1)

Apache Traffic Server Uncontrolled Resource Consumption Vulnerability (CVE-2018-8005)

WordPress 4.7.x Multiple Vulnerabilities (4.7 - 4.7.15)

Severity

Medium

Classification

CVE-2008-2079 CWE-264

Tags

Missing Update Known Vulnerabilities