CVE-2006-4226 — Mysql vulnerability

3 documents3 sources

Severity

3.6LOWNVD

EPSS

0.8%

top 25.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mysql Oracle Mysql

Timeline

PublishedAug 18

Latest updateMay 1

Description

MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions.

CVSS vector

AV:N/AC:H/C:P/I:P/A:NExploitability: 3.9 | Impact: 4.9

Affected Packages2 packages

▶NVDmysql/mysql23 versions+22

▶NVDoracle/mysql68 versions+67

Patches

Patch: bugs.mysql.com ↗Patch: dev.mysql.com ↗Patch: lists.mysql.com ↗

🔴Vulnerability Details

GHSA

GHSA-g59j-2mhw-4h6x: MySQL before 4↗2022-05-01

▶

📋Vendor Advisories

Red Hat

mysql-server create database privilege escalation↗2006-02-22

▶