mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-06 02:31:38 +00:00
809 B
809 B
CVE-2002-1374
Description
The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x before 4.0.6, allows remote attackers to gain privileges via a brute force attack using a one-character password, which causes MySQL to only compare the provided password against the first character of the real password.
POC
Reference
- http://marc.info/?l=bugtraq&m=103971644013961&w=2
- http://security.e-matters.de/advisories/042002.html
Github
No PoCs found on GitHub currently.