Description

MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097.

Remediation

References

CVE-2008-4098

Related Vulnerabilities

WordPress Plugin Insert or Embed Articulate Content into WordPress Remote Code Execution (4.2997)

WordPress Plugin Zotpress 'zotpress.rss.php' SQL Injection (4.4)

WordPress Plugin Catch Duplicate Switcher Security Bypass (1.5.2)

CubeCart Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2017-2117)

WordPress Plugin Social Login by BestWebSoft Cross-Site Scripting (0.1)

Severity

Medium

Classification

CVE-2008-4098 CWE-59

Tags

Missing Update Known Vulnerabilities