Description

Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user has privileges for a database whose name includes a "_" (underscore), grants privileges to other databases that have similar names, which can allow the user to conduct unauthorized activities.

Remediation

References

CVE-2004-0957

Related Vulnerabilities

WordPress Plugin Insert or Embed Articulate Content into WordPress Remote Code Execution (4.2997)

Ruby Other Vulnerability (CVE-2012-5380)

Restlet Framework XML Injection (aka Blind XPath Injection) Vulnerability (CVE-2013-4221)

Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-9581)

MySQL Other Vulnerability (CVE-2002-1921)

Severity

Medium

Classification

CVE-2004-0957

Tags

Missing Update Known Vulnerabilities