Description
The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x before 4.0.6, allows remote attackers to gain privileges via a brute force attack using a one-character password, which causes MySQL to only compare the provided password against the first character of the real password.
Remediation
References
Related Vulnerabilities
Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-3481)
WordPress Plugin pootle button Cross-Site Scripting (1.1.1)
WordPress Plugin Esponce QR Code Generator Cross-Site Scripting (1.4)
WordPress Plugin Good LMS-Learning Management System SQL Injection (2.1.4)