CVE-2007-6303Mysql vulnerability

6 documents5 sources
Severity
3.5LOWNVD
EPSS
0.8%
top 25.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
MysqlOracle Mysql
Timeline
PublishedDec 10
Latest updateMay 1

Description

MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages2 packages

NVDmysql/mysql14 versions+13
NVDoracle/mysql15 versions+14

🔴Vulnerability Details

1
GHSA
GHSA-w9wg-3v8p-w953: MySQL 52022-05-01

📋Vendor Advisories

3
Ubuntu
MySQL regression2008-04-02
Ubuntu
MySQL vulnerabilities2008-03-19
Red Hat
mysql: DEFINER value of view not altered on ALTER VIEW2007-07-19

💬Community

1
Bugzilla
CVE-2007-6303 mysql: DEFINER value of view not altered on ALTER VIEW2007-12-11
CVE-2007-6303 — Mysql vulnerability | cvebase