CVE-2007-2691

Medium

4.9/10

Summary

MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.

Access Complexity: MEDIUM
AccessVector: NETWORK
Authentication: SINGLE
Integrity Impact: PARTIAL
Confidentiality Impact: NONE
Availability Impact: PARTIAL

References

Advisory Timeline

Published May 16, 2007

CVE-2007-2691

Summary

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS