Description

Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user has privileges for a database whose name includes a "_" (underscore), grants privileges to other databases that have similar names, which can allow the user to conduct unauthorized activities.

Remediation

References

CVE-2004-0957

Related Vulnerabilities

WordPress Plugin News Element Elementor Blog Magazine Local File Inclusion (1.0.5)

SharePoint Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-1033)

WordPress Plugin Visual Composer:Page Builder for WordPress Local File Inclusion (5.1)

MySQL CVE-2014-0431 Vulnerability (CVE-2014-0431)

MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-35480)

Severity

Medium

Classification

CVE-2004-0957

Tags

Missing Update Known Vulnerabilities