MySQL before 5.0.25 and 5.1 before 5.1.12 evaluates arguments of suid routines in the security context of the routine's definer instead of the routine's caller, which allows remote authenticated users to gain privileges through a routine that has been made available using GRANT EXECUTE.
References
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2006-08-18 20:04
Updated : 2024-02-04 16:52
NVD link : CVE-2006-4227
Mitre link : CVE-2006-4227
CVE.ORG link : CVE-2006-4227
JSON object : View
Products Affected
oracle
- mysql
mysql
- mysql
CWE
CWE-20
Improper Input Validation