Description
MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, uses predictable file names when creating temporary tables, which allows local users with CREATE TEMPORARY TABLE privileges to overwrite arbitrary files via a symlink attack.
Remediation
References
Related Vulnerabilities
MySQL CVE-2020-14800 Vulnerability (CVE-2020-14800)
MySQL CVE-2024-21056 Vulnerability (CVE-2024-21056)
XWikiplatform CVE-2025-55749 Vulnerability (CVE-2025-55749)
WordPress Plugin WPML (WordPress Multilingual) Multiple Vulnerabilities (3.1.8.6)
Chamilo Improper Privilege Management Vulnerability (CVE-2026-40291)