A vulnerability was reported in MySQL. A remote authenticated user can cause denial of service conditions.  

   

This issue affects versions prior to MySQL 5.1.48.   

   

A remote authenticated user can send a specially crafted ALTER DATABASE command to cause the target server to move a data directory into a new subdirectory, causing the data directory to become unusable.  

   

A demonstration exploit request is provided [where "<special>" is "." or ".." or is a sequence that begins with "./" or "../"]:  

   

ALTER DATABASE `#mysql50#<special>` UPGRADE DATA DIRECTORY NAME  

   

Vendor advisory at:  

   

8c7K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8X3c8W2N6W2)9J5k6h3#2&6M7%4q4D9i4K6u0W2j5$3!0E0i4K6u0r3k6r3!0U0i4K6u0r3M7X3g2X3L8h3q4F1i4K6u0r3y4g2)9J5k6e0q4Q4x3V1k6W2L8W2)9J5c8X3&6W2N6%4y4Q4x3X3b7#2i4K6u0V1x3g2)9J5k6o6b7^5i4K6u0W2K9s2c8E0L8l9`.`.

[培训]科锐逆向工程师培训第53期2025年7月8日开班！