Description
MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allow remote authenticated users with INSERT and DELETE privileges to execute arbitrary code by using CREATE FUNCTION to access libc calls, as demonstrated by using strcat, on_exit, and exit.
Remediation
References