Mysql : Security Vulnerabilities, CVEs, Published In August 2005
The mysql_create_function function in sql_udf.cc for MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta, when running on Windows, uses an incomplete blacklist in a directory traversal check, which allows attackers to include arbitrary files via the backslash (\) character.
Max CVSS
5.0
EPSS Score
0.59%
Published
2005-08-16
Updated
2019-12-17
Stack-based buffer overflow in the init_syms function in MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta allows remote authenticated users who can create user-defined functions to execute arbitrary code via a long function_name field.
Max CVSS
4.6
EPSS Score
96.77%
Published
2005-08-16
Updated
2019-12-17
2 vulnerabilities found