CVE-2010-1626Link Following in Mysql

CWE-59Link Following6 documents5 sources
Severity
3.6LOWNVD
EPSS
0.1%
top 76.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
MysqlOracle Mysql
Timeline
PublishedMay 21
Latest updateMay 13

Description

MySQL before 5.1.46 allows local users to delete the data and index files of another user's MyISAM table via a symlink attack in conjunction with the DROP TABLE command, a different vulnerability than CVE-2008-4098 and CVE-2008-7247.

CVSS vector

AV:L/AC:L/C:N/I:P/A:PExploitability: 3.9 | Impact: 4.9

Affected Packages2 packages

NVDmysql/mysql5.1.45+16
NVDoracle/mysql33 versions+32

Patches

Patch: bugs.mysql.comPatch: bugs.mysql.com

🔴Vulnerability Details

1
GHSA
GHSA-6c9m-2jhw-8335: MySQL before 52022-05-13

📋Vendor Advisories

3
Ubuntu
MySQL vulnerabilities2012-03-12
Ubuntu
MySQL vulnerabilities2010-06-09
Red Hat
mysql: table destruction via DATA/INDEX DIRECTORY directives using symlinks2008-11-22

💬Community

1
Bugzilla
CVE-2010-1626 mysql: table destruction via DATA/INDEX DIRECTORY directives using symlinks2010-01-08
CVE-2010-1626 — Link Following in Mysql | cvebase