Description
MySQL 5.1.x before 5.1.23 and 6.0.x before 6.0.4 allows remote authenticated users to gain privileges on arbitrary tables via unspecified vectors involving use of table-level DATA DIRECTORY and INDEX DIRECTORY options when creating a partitioned table with the same name as a table on which the user lacks privileges.
Remediation
References
Related Vulnerabilities
WordPress Plugin InfiniteWP Client Security Bypass (1.9.4.4)
MySQL CVE-2012-3163 Vulnerability (CVE-2012-3163)
Oracle HTTP Server Out-of-bounds Read Vulnerability (CVE-2018-16890)
WordPress Plugin Banner Cycler Cross-Site Request Forgery (1.4)
WordPress Plugin Import and export users and customers Cross-Site Request Forgery (1.14.1.3)