QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2007-6303

Back to search

CVE-2007-6303

Published: Dec 10, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement.

VendorProductVersions

n/a

n/a

affected
n/a

References

GLSA-200804-04
vendor-advisory
x_refsource_GENTOO
29706
third-party-advisory
x_refsource_SECUNIA
29443
third-party-advisory
x_refsource_SECUNIA
MDVSA-2008:017
vendor-advisory
x_refsource_MANDRIVA
FEDORA-2007-4465
vendor-advisory
x_refsource_FEDORA
RHSA-2007:1157
vendor-advisory
x_refsource_REDHAT
ADV-2007-4198
vdb-entry
x_refsource_VUPEN
FEDORA-2007-4471
vendor-advisory
x_refsource_FEDORA
26832
vdb-entry
x_refsource_BID
1019085
vdb-entry
x_refsource_SECTRACK
28025
third-party-advisory
x_refsource_SECUNIA
28838
third-party-advisory
x_refsource_SECUNIA
USN-588-1
vendor-advisory
x_refsource_UBUNTU
28063
third-party-advisory
x_refsource_SECUNIA
SUSE-SR:2008:003
vendor-advisory
x_refsource_SUSE
28739
third-party-advisory
x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now