Description
MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future.
Remediation
References
Related Vulnerabilities
MySQL CVE-2013-1531 Vulnerability (CVE-2013-1531)
Liferay DXP Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2024-26265)
WordPress Plugin WP-SpamFree Anti-Spam Cross-Site Scripting (2.1.1.6)
WordPress Plugin WP Support Plus Responsive Ticket System PHP Object Injection (9.0.3)
WordPress Plugin WP-Live Chat by 3CX Cross-Site Scripting (4.0.2)