CVE-2007-2691
Description
MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.
Risk Information
Base Score
6.5
MODERATE
Vector
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS Score
Exploitation Probability
1.338
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Update MySQL to mysql-4.1.23 | Windows |
| Update to mysql-5.0.42 | Windows |
| Update to mysql-5.1.18-beta | Windows |
| Update MySQL to mysql-4.1.23 (For Linux) | Linux |
| Update to mysql-5.0.42 (For Linux) | Linux |
| Update to mysql-5.1.18-beta (For Linux) | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234