Description
The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x before 4.0.6, allows remote attackers to gain privileges via a brute force attack using a one-character password, which causes MySQL to only compare the provided password against the first character of the real password.
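The comparison flaw described above, as an added example: a simplified model that is not MySQL's source code, shown beside a hardened form. The function names, `TOKEN_LEN` and the sample token are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define TOKEN_LEN 8 /* assumed fixed length of the expected auth token */

/* Constructed sample token, not a real credential or hash. */
static const unsigned char SAMPLE_EXPECTED[TOKEN_LEN] =
    { 'Q', 'm', '7', 'x', 'A', 'b', '2', 'k' };

/* Flawed pattern: the number of bytes compared is taken from the client's
 * response, so a 1-byte response is checked against only the first byte
 * of the expected token. */
int check_token_flawed(const unsigned char *expected,
                       const unsigned char *supplied, size_t supplied_len)
{
    return memcmp(expected, supplied, supplied_len) == 0;
}

/* Hardened form: reject any response that is not exactly TOKEN_LEN bytes,
 * then compare every byte without an early exit. */
int check_token_fixed(const unsigned char *expected,
                      const unsigned char *supplied, size_t supplied_len)
{
    unsigned char diff = 0;
    size_t i;

    if (supplied_len != TOKEN_LEN)
        return 0;
    for (i = 0; i < TOKEN_LEN; i++)
        diff |= (unsigned char)(expected[i] ^ supplied[i]);
    return diff == 0;
}

int main(void)
{
    const unsigned char one_byte[] = { 'Q' }; /* matches first byte only */

    printf("flawed accepts 1-byte response: %d\n",
           check_token_flawed(SAMPLE_EXPECTED, one_byte, sizeof one_byte));
    printf("fixed accepts 1-byte response:  %d\n",
           check_token_fixed(SAMPLE_EXPECTED, one_byte, sizeof one_byte));
    printf("fixed accepts full token:       %d\n",
           check_token_fixed(SAMPLE_EXPECTED, SAMPLE_EXPECTED, TOKEN_LEN));
    return 0;
}
```

The point for code review is that the expected length, never the client-supplied length, bounds the comparison, and a length mismatch is a failure on its own.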
Remediation
References