Description

MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and 5.x before 5.0.1, checks the CREATE/INSERT rights of the original table instead of the target table in an ALTER TABLE RENAME operation, which could allow attackers to conduct unauthorized activities.

Remediation

References

CVE-2004-0835

Related Vulnerabilities

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-4593)

WordPress 4.2.x Multiple Vulnerabilities (4.2 - 4.2.19)

Drupal Core 7.x Multiple Vulnerabilities (7.0 - 7.17)

Perl Out-of-bounds Read Vulnerability (CVE-2015-8608)

WordPress Plugin Product Catalog SQL Injection (3.1.2)

Severity

High

Classification

CVE-2004-0835

Tags

Missing Update Known Vulnerabilities