Description
MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and 5.x before 5.0.1, checks the CREATE/INSERT rights of the original table instead of the target table in an ALTER TABLE RENAME operation, which could allow attackers to conduct unauthorized activities.
Remediation
References
Related Vulnerabilities
Jboss EAP Other Vulnerability (CVE-2019-9513)
Joomla Missing Authorization Vulnerability (CVE-2019-18674)
Oracle JRE CVE-2020-2830 Vulnerability (CVE-2020-2830)
WordPress Plugin Royal Elementor Addons and Templates Arbitrary File Upload (1.3.78)
b2evolution Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3709)