Description

mysql_install_db in MySQL 4.1.x before 4.1.12 and 5.x up to 5.0.4 creates the mysql_install_db.X file with a predictable filename and insecure permissions, which allows local users to execute arbitrary SQL commands by modifying the file's contents.

Remediation

References

CVE-2005-1636

Related Vulnerabilities

WordPress Plugin Postmatic-Post and comment subscriptions that invite you to hit reply Cross-Site Scripting (1.4.5)

WordPress Plugin Zingiri Web Shop Multiple Cross-Site Scripting Vulnerabilities (2.4.1)

WordPress Plugin Click to Call or Chat Buttons Cross-Site Scripting (1.4.0)

WordPress Plugin WordPress Users 'uid' Parameter SQL Injection (1.3)

WordPress Plugin Embedded Video 'lembedded-video.php' Cross-Site Scripting (4.1)

Severity

Medium

Classification

CVE-2005-1636

Tags

Missing Update Known Vulnerabilities