VYPR
Get started
← All advisories
Unrated severityNVD Advisory· Published Aug 18, 2006· Updated Apr 16, 2026

CVE-2006-4227

CVE-2006-4227

Description

MySQL before 5.0.25 and 5.1 before 5.1.12 evaluates arguments of suid routines in the security context of the routine's definer instead of the routine's caller, which allows remote authenticated users to gain privileges through a routine that has been made available using GRANT EXECUTE.

Affected products

12
  • MySQL/MySQL8 versions
    cpe:2.3:a:mysql:mysql:5.0.1:*:*:*:*:*:*:*+ 7 more
    • cpe:2.3:a:mysql:mysql:5.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mysql:mysql:5.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mysql:mysql:5.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mysql:mysql:5.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:mysql:mysql:5.0.20:*:*:*:*:*:*:*
    • cpe:2.3:a:mysql:mysql:5.0.22.1.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mysql:mysql:5.0.24:*:*:*:*:*:*:*
    • cpe:2.3:a:mysql:mysql:5.1.5:*:*:*:*:*:*:*
  • Oracle Corporation/MySQL4 versions
    cpe:2.3:a:oracle:mysql:5.0.0:alpha:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:oracle:mysql:5.0.0:alpha:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.1.6:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.1.9:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.1.10:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

16

News mentions

0

No linked articles in our index yet.