Oracle MySQL MERGE Table Privilege Escalation
Medium Nessus Network Monitor Plugin ID 3697
SynopsisThe remote host is vulnerable to a flaw that allows attackers to retrieve sensitive files or data.
DescriptionAccording to its version number, the installation of MySQL on the remote host may be prone to a flaw where an authenticated user can escalate privileges on the remote database server. Specifically, even if a user has had access revoked to a certain table, they may be able to access it from another table. Successful exploitation would lead to a loss of confidential data.
SolutionUpgrade to version 4.1.21, 5.0.24 or higher.