Description

Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user has privileges for a database whose name includes a "_" (underscore), grants privileges to other databases that have similar names, which can allow the user to conduct unauthorized activities.

Remediation

References

CVE-2004-0957

Related Vulnerabilities

SugarCRM Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-6308)

Oracle JRE CVE-2022-21248 Vulnerability (CVE-2022-21248)

WordPress Plugin User Profile Builder-Beautiful User Registration Forms, User Profiles & User Role Editor Cross-Site Scripting (3.6.7)

TYPO3 Cleartext Transmission of Sensitive Information Vulnerability (CVE-2022-31046)

WordPress Plugin Simple:Press-WordPress Forum Arbitrary File Upload (6.6.0)

Severity

Medium

Classification

CVE-2004-0957

Tags

Missing Update Known Vulnerabilities