VYPR
Unrated severityNVD Advisory· Published May 16, 2007· Updated Jun 16, 2026

CVE-2007-2692

CVE-2007-2692

Description

The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

49
  • MySQL/MySQL16 versions
    cpe:2.3:a:mysql:mysql:5.0.0:*:*:*:*:*:*:*+ 15 more
    • cpe:2.3:a:mysql:mysql:5.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:mysql:mysql:5.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mysql:mysql:5.0.10:*:*:*:*:*:*:*
    • cpe:2.3:a:mysql:mysql:5.0.15:*:*:*:*:*:*:*
    • cpe:2.3:a:mysql:mysql:5.0.16:*:*:*:*:*:*:*
    • cpe:2.3:a:mysql:mysql:5.0.17:*:*:*:*:*:*:*
    • cpe:2.3:a:mysql:mysql:5.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mysql:mysql:5.0.20:*:*:*:*:*:*:*
    • cpe:2.3:a:mysql:mysql:5.0.22.1.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mysql:mysql:5.0.24:*:*:*:*:*:*:*
    • cpe:2.3:a:mysql:mysql:5.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mysql:mysql:5.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:mysql:mysql:5.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:mysql:mysql:5.0.5.0.21:*:*:*:*:*:*:*
    • cpe:2.3:a:mysql:mysql:5.1.5:*:*:*:*:*:*:*
    • (no CPE)range: <5.0.40, <5.1.18
  • cpe:2.3:a:oracle:mysql:5.0.0:alpha:*:*:*:*:*:*+ 32 more
    • cpe:2.3:a:oracle:mysql:5.0.0:alpha:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.0.11:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.0.12:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.0.13:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.0.14:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.0.18:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.0.19:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.0.21:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.0.22:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.0.27:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.0.33:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.0.37:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.0.3:beta:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.0.9:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.1.10:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.1.11:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.1.12:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.1.13:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.1.14:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.1.15:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.1.16:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.1.17:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.1.6:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.1.7:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.1.8:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.1.9:*:*:*:*:*:*:*

Patches

Vulnerability mechanics

References

25

News mentions

0

No linked articles in our index yet.