Description

MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, uses predictable file names when creating temporary tables, which allows local users with CREATE TEMPORARY TABLE privileges to overwrite arbitrary files via a symlink attack.

Remediation

References

CVE-2005-0711

Related Vulnerabilities

WordPress Plugin Admin Font Editor Cross-Site Scripting (1.8)

ownCloud Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-1499)

Invision Power Board version 3.3.4 unserialize PHP code execution

WordPress Plugin Global Content Blocks 'gcb_export.php' SQL Injection (1.2)

Serendipity URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2017-5474)

Severity

Low

Classification

CVE-2005-0711

Tags

Missing Update Known Vulnerabilities