CVE-2007-2692 — Mysql vulnerability

8 documents5 sources

Severity

6.0MEDIUMNVD

EPSS

0.6%

top 29.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mysql Oracle Mysql

Timeline

PublishedMay 16

Latest updateMay 1

Description

The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 6.8 | Impact: 6.4

Affected Packages2 packages

▶NVDmysql/mysql15 versions+14

▶NVDoracle/mysql33 versions+32

🔴Vulnerability Details

GHSA

GHSA-p759-pfvw-7vmx: The mysql_change_db function in MySQL 5↗2022-05-01

▶

📋Vendor Advisories

Ubuntu

MySQL regression↗2008-04-02

▶

Ubuntu

MySQL vulnerabilities↗2008-03-19

▶

Red Hat

mysql SECURITY INVOKER functions do not drop privileges↗2007-05-17

▶

💬Community

Bugzilla

CVE-2007-2691 CVE-2007-2692 CVE-2007-2693 mysql various flaws [FC6]↗2007-06-13

▶

Bugzilla

CVE-2007-2691 CVE-2007-2692 CVE-2007-2693 mysql various flaws [F7]↗2007-06-13

▶

Bugzilla

CVE-2007-2692 mysql SECURITY INVOKER functions do not drop privileges↗2007-05-29

▶