Lucene search

K
cve[email protected]CVE-2007-2692
HistoryMay 16, 2007 - 1:19 a.m.

CVE-2007-2692

2007-05-1601:19:00
web.nvd.nist.gov
38
mysql
5.0.x
5.1.x
privilege escalation
cve-2007-2692
nvd

6.4 Medium

AI Score

Confidence

Low

6 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

0.067 Low

EPSS

Percentile

93.9%

The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges.

Affected configurations

NVD
Node
mysqlmysqlMatch5.0.0
OR
mysqlmysqlMatch5.0.1
OR
mysqlmysqlMatch5.0.2
OR
mysqlmysqlMatch5.0.3
OR
mysqlmysqlMatch5.0.4
OR
mysqlmysqlMatch5.0.5
OR
mysqlmysqlMatch5.0.5.0.21
OR
mysqlmysqlMatch5.0.10
OR
mysqlmysqlMatch5.0.15
OR
mysqlmysqlMatch5.0.16
OR
mysqlmysqlMatch5.0.17
OR
mysqlmysqlMatch5.0.20
OR
mysqlmysqlMatch5.0.22.1.0.1
OR
mysqlmysqlMatch5.0.24
OR
mysqlmysqlMatch5.1.5
OR
oraclemysqlMatch5.0.0alpha
OR
oraclemysqlMatch5.0.3beta
OR
oraclemysqlMatch5.0.6
OR
oraclemysqlMatch5.0.7
OR
oraclemysqlMatch5.0.8
OR
oraclemysqlMatch5.0.9
OR
oraclemysqlMatch5.0.11
OR
oraclemysqlMatch5.0.12
OR
oraclemysqlMatch5.0.13
OR
oraclemysqlMatch5.0.14
OR
oraclemysqlMatch5.0.18
OR
oraclemysqlMatch5.0.19
OR
oraclemysqlMatch5.0.21
OR
oraclemysqlMatch5.0.22
OR
oraclemysqlMatch5.0.27
OR
oraclemysqlMatch5.0.33
OR
oraclemysqlMatch5.0.37
OR
oraclemysqlMatch5.1.1
OR
oraclemysqlMatch5.1.2
OR
oraclemysqlMatch5.1.3
OR
oraclemysqlMatch5.1.4
OR
oraclemysqlMatch5.1.6
OR
oraclemysqlMatch5.1.7
OR
oraclemysqlMatch5.1.8
OR
oraclemysqlMatch5.1.9
OR
oraclemysqlMatch5.1.10
OR
oraclemysqlMatch5.1.11
OR
oraclemysqlMatch5.1.12
OR
oraclemysqlMatch5.1.13
OR
oraclemysqlMatch5.1.14
OR
oraclemysqlMatch5.1.15
OR
oraclemysqlMatch5.1.16
OR
oraclemysqlMatch5.1.17

References

6.4 Medium

AI Score

Confidence

Low

6 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

0.067 Low

EPSS

Percentile

93.9%