Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2005-0710 — Mysql vulnerability

8 documents6 sources

Severity

4.6MEDIUMNVD

EPSS

4.6%

top 10.75%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Mysql Oracle Mysql

Timeline

PublishedMay 2

Latest updateMay 1

Description

MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to bypass library path restrictions and execute arbitrary libraries by using INSERT INTO to modify the mysql.func table, which is processed by the udf_init function.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages2 packages

▶NVDmysql/mysql4.1.0, 4.1.10, 4.1.3+2

▶NVDoracle/mysql27 versions+26

Patches

Patch: www.debian.org ↗Patch: www.gentoo.org ↗Patch: www.novell.com ↗

🔴Vulnerability Details

GHSA

GHSA-5wh5-j2hf-hpfc: MySQL 4↗2022-05-01

▶

💥Exploits & PoCs

Exploit-DB

MySQL 4.x - CREATE FUNCTION mysql.func Table Arbitrary Library Injection↗2005-03-11

▶

📋Vendor Advisories

Ubuntu

mySQL vulnerabilities↗2005-03-16

▶

Red Hat

security flaw↗2005-03-11

▶

💬Community

Bugzilla

CVE-2005-0710 security flaw↗2018-08-16

▶