Description
MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes MySQL to move certain directories to the server data directory.
Remediation
References
Related Vulnerabilities
WordPress Plugin TallyKit Cross-Site Scripting (5.4)
WordPress Plugin MP3 Audio Player for Music, Radio & Podcast by Sonaar Cross-Site Scripting (3.0.1)
WebLogic CVE-2020-14637 Vulnerability (CVE-2020-14637)
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-0361)
WordPress Plugin Royal Elementor Addons and Templates Arbitrary File Upload (1.3.78)