Oracle MySQL < 5.1.18 Multiple Vulnerabilities

ID 3993.PRM
Type nessus
Reporter Tenable
Modified 2019-03-06T00:00:00


The version of MySQL installed on the remote host reportedly is affected by three issues :

  • A user can rename a table without having DROP privileges.

-If a stored routine is declared as 'SQL SECURITY INVOKER', a user may be able to gain privileges by invoking that routine.

-A user with only ALTER privileges on a partitioned table can discover information about the table that should require SELECT privileges.

                                            Binary data 3993.prm