← back
CVE-2007-2692

CVE-2007-2692

EPSS 1.9%
The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://bugs.mysql.com/bug.php?id=27337http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.htmlhttp://lists.mysql.com/announce/470http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.htmlhttp://osvdb.org/34765http://secunia.com/advisories/25301http://secunia.com/advisories/26073http://secunia.com/advisories/26430http://secunia.com/advisories/27823http://secunia.com/advisories/28637http://secunia.com/advisories/28838http://secunia.com/advisories/29443