Description

MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and 5.x before 5.0.1, checks the CREATE/INSERT rights of the original table instead of the target table in an ALTER TABLE RENAME operation, which could allow attackers to conduct unauthorized activities.

Remediation

References

CVE-2004-0835

Related Vulnerabilities

WordPress Plugin Project Supremacy V3 Lite Cross-Site Scripting (1.1)

WordPress Plugin Attendance Manager Multiple Vulnerabilities (0.5.6)

Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-3935)

WordPress 3.8.x PHP Object Injection (3.8 - 3.8.35)

WordPress Plugin WPeMatico RSS Feed Fetcher Cross-Site Scripting (2.3.7)

Severity

High

Classification

CVE-2004-0835

Tags

Missing Update Known Vulnerabilities