Description
mysql_install_db in MySQL 4.1.x before 4.1.12 and 5.x up to 5.0.4 creates the mysql_install_db.X file with a predictable filename and insecure permissions, which allows local users to execute arbitrary SQL commands by modifying the file's contents.