PT-2006-1440 · Oracle · Mysql Server
Published: 2006-01-22 · Updated: 2024-08-07 · CVE-2006-0369
CVSS v2.0: 2.1 (Low)
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
MySQL version 5.0.18
Description
The issue allows local users with access to a VIEW to obtain sensitive information via the "SELECT * FROM information_schema.views;" query, which returns the query that created the VIEW. The availability of the schema is sometimes a normal and desired aspect of database access, and this issue has been disputed by third parties.
Recommendations
For MySQL version 5.0.18, consider restricting access to information_schema.views to minimize the risk of sensitive information disclosure. As a temporary workaround, limit use of the "SELECT * FROM information_schema.views;" query to users who require it for legitimate database access purposes.
Fix
Information Disclosure
Weakness Enumeration
Related Identifiers
Affected Products
Mysql Server