The mysql_uninstall_plugin function in sql/sql_plugin.cc in MySQL 5.1 prior to 5.1.46 does not check privileges before uninstalling a plugin, which allows remote malicious users to uninstall arbitrary plugins via the UNINSTALL PLUGIN command.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mysql mysql |