CVE-2007-5970 — Oracle Mysql vulnerability

4 documents4 sources

Severity

5.8MEDIUMNVD

EPSS

0.6%

top 29.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Mysql

Timeline

PublishedDec 10

Latest updateMay 1

Description

MySQL 5.1.x before 5.1.23 and 6.0.x before 6.0.4 allows remote authenticated users to gain privileges on arbitrary tables via unspecified vectors involving use of table-level DATA DIRECTORY and INDEX DIRECTORY options when creating a partitioned table with the same name as a table on which the user lacks privileges.

CVSS vector

AV:N/AC:M/C:P/I:P/A:NExploitability: 8.6 | Impact: 4.9

Affected Packages1 packages

▶NVDoracle/mysql15 versions+14

🔴Vulnerability Details

GHSA

GHSA-4pw7-3p8h-fr77: MySQL 5↗2022-05-01

▶

📋Vendor Advisories

Red Hat

mysql: table privilege gain via partitioned table with the same name↗2007-11-15

▶

💬Community

Bugzilla

CVE-2007-5970 mysql: table privilege gain via partitioned table with the same name↗2007-11-23

▶