Oracle · Mysql Server · CVE-2007-2692
**Name of the Vulnerable Software and Affected Versions**
MySQL versions 5.0.x through 5.0.39
MySQL versions 5.1.x through 5.1.17
**Description**
The issue allows remote authenticated users to gain privileges due to the mysql change db function not restoring THD::db access privileges when returning from SQL SECURITY INVOKER stored routines.
**Recommendations**
For MySQL versions 5.0.x through 5.0.39, update to version 5.0.40 or later.
For MySQL versions 5.1.x through 5.1.17, update to version 5.1.18 or later.