MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms via SQL queries that contain the NULL character, which are not properly handled by the mysql_real_query function. NOTE: this issue was originally reported for the mysql_query function, but the vendor states that since mysql_query expects a null character, this is not an issue for mysql_query.
Max CVSS
4.6
EPSS Score
0.06%
Published
2006-02-27
Updated
2023-02-13
MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy.
Max CVSS
2.1
EPSS Score
0.10%
Published
2006-08-09
Updated
2019-12-17
MySQL before 5.0.25 and 5.1 before 5.1.12 evaluates arguments of suid routines in the security context of the routine's definer instead of the routine's caller, which allows remote authenticated users to gain privileges through a routine that has been made available using GRANT EXECUTE.
Max CVSS
6.5
EPSS Score
3.80%
Published
2006-08-18
Updated
2019-12-17
sql_select.cc in MySQL 5.0.x before 5.0.32 and 5.1.x before 5.1.14 allows remote authenticated users to cause a denial of service (crash) via an EXPLAIN SELECT FROM on the INFORMATION_SCHEMA table, as originally demonstrated using ORDER BY.
Max CVSS
3.5
EPSS Score
0.72%
Published
2006-12-31
Updated
2018-10-17
MySQL 5.x before 5.0.36 allows local users to cause a denial of service (database crash) by performing information_schema table subselects and using ORDER BY to sort a single-row result, which prevents certain structure elements from being initialized and triggers a NULL dereference in the filesort function.
Max CVSS
2.1
EPSS Score
0.05%
Published
2007-03-12
Updated
2019-12-17
The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference.
Max CVSS
4.0
EPSS Score
0.28%
Published
2007-05-10
Updated
2021-11-08
MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.
Max CVSS
4.9
EPSS Score
0.25%
Published
2007-05-16
Updated
2018-10-19
The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges.
Max CVSS
6.0
EPSS Score
1.45%
Published
2007-05-16
Updated
2019-12-17
MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, which allows remote authenticated users to obtain sensitive information such as the table structure.
Max CVSS
4.0
EPSS Score
0.43%
Published
2007-07-15
Updated
2018-10-15
MySQL Community Server before 5.0.45 allows remote authenticated users to gain update privileges for a table in another database via a view that refers to this external table.
Max CVSS
3.5
EPSS Score
0.35%
Published
2007-07-15
Updated
2018-10-15
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!