Description
Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 does not modify the salt during multiple executions of the change_user command within the same connection which makes it easier for remote authenticated users to conduct brute force password guessing attacks.
Remediation
References
Related Vulnerabilities
MongoDb Improper Input Validation Vulnerability (CVE-2021-20330)
WordPress Plugin WooCommerce Subscriptions Cross-Site Scripting (2.6.2)
PHP Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2011-0754)
PrestaShop Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-19594)