Description
MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to execute arbitrary code by using CREATE FUNCTION to access libc calls, as demonstrated by using strcat, on_exit, and exit.
Remediation
References
Related Vulnerabilities
Jenkins Deserialization of Untrusted Data Vulnerability (CVE-2018-1000861)
Jboss EAP Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2018-1000180)
WordPress Plugin Simple add pages or posts Cross-Site Request Forgery (1.6)
PostgreSQL Uncontrolled Search Path Element Vulnerability (CVE-2020-14349)