Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-1375Oracle Mysql vulnerability

5 documents5 sources
Severity
7.5HIGHNVD
EPSS
15.0%
top 5.41%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
3
Oracle MysqlSymantec Veritas Netbackup Advanced ReporterSymantec Veritas Netbackup Global Data Manager
Timeline
PublishedDec 23
Latest updateApr 30

Description

The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x to 4.0.6, allows remote attackers to execute arbitrary code via a long response.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

NVDoracle/mysql47 versions+46

Patches

Patch: www.linuxsecurity.comPatch: www.securityfocus.comPatch: www.linuxsecurity.com

🔴Vulnerability Details

1
GHSA
GHSA-gvcx-q88q-m695: The COM_CHANGE_USER command in MySQL 32022-04-30

💥Exploits & PoCs

1
Exploit-DB
MySQL 3.23.x/4.0.x - COM_CHANGE_USER Password Memory Corruption2002-12-12

📋Vendor Advisories

1
Red Hat
security flaw2002-12-12

💬Community

1
Bugzilla
CVE-2002-1375 security flaw2018-08-16