Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-4227Improper Input Validation in Mysql

CWE-20Improper Input Validation5 documents5 sources
Severity
6.5MEDIUMNVD
EPSS
12.5%
top 6.04%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
MysqlOracle Mysql
Timeline
PublishedAug 18
Latest updateMay 1

Description

MySQL before 5.0.25 and 5.1 before 5.1.12 evaluates arguments of suid routines in the security context of the routine's definer instead of the routine's caller, which allows remote authenticated users to gain privileges through a routine that has been made available using GRANT EXECUTE.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages2 packages

NVDmysql/mysql8 versions+7
NVDoracle/mysql4 versions+3

🔴Vulnerability Details

1
GHSA
GHSA-pq6p-m3qv-7m6j: MySQL before 52022-05-01

💥Exploits & PoCs

1
Exploit-DB
MySQL 4/5 - SUID Routine Miscalculation Arbitrary DML Statement Execution2006-08-17

📋Vendor Advisories

2
Ubuntu
MySQL vulnerabilities2006-09-05
Red Hat
mysql improper suid argument evaluation2006-03-29
CVE-2006-4227 — Improper Input Validation in Mysql | cvebase