Detections
Analytics
CVE-2007-2691
critical
Description
MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.
References
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9559
https://exchange.xforce.ibmcloud.com/vulnerabilities/34347
http://www.vupen.com/english/advisories/2008/2780
http://www.vupen.com/english/advisories/2007/1804
http://www.securitytracker.com/id?1018069
http://www.securityfocus.com/bid/31681
http://www.securityfocus.com/bid/24016
http://www.securityfocus.com/archive/1/473874/100/0/threaded
http://www.redhat.com/support/errata/RHSA-2008-0768.html
http://www.redhat.com/support/errata/RHSA-2008-0364.html
http://www.redhat.com/support/errata/RHSA-2007-0894.html
http://www.mandriva.com/security/advisories?name=MDKSA-2007:139
http://www.debian.org/security/2007/dsa-1413
http://support.apple.com/kb/HT3216
http://secunia.com/advisories/32222
http://secunia.com/advisories/31226
http://secunia.com/advisories/30351
http://secunia.com/advisories/28838
http://secunia.com/advisories/27823
http://secunia.com/advisories/27155
http://secunia.com/advisories/26430
http://secunia.com/advisories/26073
http://secunia.com/advisories/25946
http://secunia.com/advisories/25301
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html