Description
mysql_install_db in MySQL 4.1.x before 4.1.12 and 5.x up to 5.0.4 creates the mysql_install_db.X file with a predictable filename and insecure permissions, which allows local users to execute arbitrary SQL commands by modifying the file's contents.
Remediation
References
Related Vulnerabilities
phpBB Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2015-1432)
Apache Tomcat Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2013-6357)
Oracle Application Server CVE-2008-0340 Vulnerability (CVE-2008-0340)
MySQL CVE-2022-21297 Vulnerability (CVE-2022-21297)
Apache HTTP Server Incorrect Calculation of Buffer Size Vulnerability (CVE-2004-0747)