CVE-2007-2691
CVE-2007-2691
MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://bugs.mysql.com/bug.php?id=27515http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.htmlhttp://lists.apple.com/archives/security-announce/2008/Oct/msg00001.htmlhttp://lists.mysql.com/announce/470http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.htmlhttp://osvdb.org/34766http://secunia.com/advisories/25301http://secunia.com/advisories/25946http://secunia.com/advisories/26073http://secunia.com/advisories/26430http://secunia.com/advisories/27155http://secunia.com/advisories/27823