MySQL Community Server Vulnerability Allows Information Disclosure
CVE-2007-3781

Currently unrated

Key Information:

Vendor: Mysql
Status: Community Server
Vendor: CVE Published:; 15 July 2007

What is CVE-2007-3781?

The MySQL Community Server prior to version 5.0.45 is susceptible to a vulnerability that fails to enforce necessary privileges for certain operations. Specifically, the system does not require SELECT privileges for the source table when executing a CREATE TABLE LIKE statement. This oversight allows remote authenticated users to access sensitive details about the table structure, potentially exfiltrating critical data and weakening database security.

References

http://bugs.mysql.com/bug.php?id=25578

x_refsource_MISC

http://secunia.com/advisories/28343

third-party-advisoryx_refsource_SECUNIA

http://osvdb.org/37783

vdb-entryx_refsource_OSVDB

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 15, 2007
Vulnerability Reserved
Jul 15, 2007

Mysql

What is CVE-2007-3781?

References

Timeline