icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

MySQL MERGE Table Privilege Escalation

Low

Synopsis

The remote host is vulnerable to a flaw that allows attackers to retrieve sensitive files or data.

Description

According to its version number, the installation of MySQL on the remote host may be prone to a flaw where an authenticated user can escalate privileges on the remote database server. Specifically, even if a user has had access revoked to a certain table, they may be able to access it from another table. Successful exploitation would lead to a loss of confidential data.

Solution

Upgrade to version 4.1.21, 5.0.24 or higher.