CVE-2007-5970
Last modified
CVE-2007-5970 is a vulnerability of currently unknown severity. MySQL 5.1.x before 5.1.23 and 6.0.x before 6.0.4 allows remote authenticated users to gain privileges on arbitrary tables via unspecified vectors involving use of table-level DATA DIRECTORY and INDEX DIRECTORY options when creating a partitioned table with the same name as a table on which the user lacks privileges.. EPSS estimates a 2.13% chance of exploitation in the next 30 days.
Description
MySQL 5.1.x before 5.1.23 and 6.0.x before 6.0.4 allows remote authenticated users to gain privileges on arbitrary tables via unspecified vectors involving use of table-level DATA DIRECTORY and INDEX DIRECTORY options when creating a partitioned table with the same name as a table on which the user lacks privileges.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Oracle | Mysql | 5.1.1 |
| Oracle | Mysql | 5.1.2 |
| Oracle | Mysql | 5.1.10 |
| Oracle | Mysql | 5.1.11 |
| Oracle | Mysql | 5.1.12 |
| Oracle | Mysql | 5.1.13 |
| Oracle | Mysql | 5.1.14 |
| Oracle | Mysql | 5.1.15 |
| Oracle | Mysql | 5.1.16 |
| Oracle | Mysql | 5.1.17 |
| Oracle | Mysql | 6.0.0 |
| Oracle | Mysql | 6.0.1 |
| Oracle | Mysql | 6.0.2 |
| Oracle | Mysql | 6.0.3 |
| Oracle | Mysql | 6.0.4 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2007-5970?
How severe is CVE-2007-5970?
How do I fix CVE-2007-5970?
Are you affected by CVE-2007-5970?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST