Hi everybody, I would like to remove the "_" from the database name. This issue is already correct in 42go version. If the unterscore symbol is in the name of the database everyone can create a new database whitout permission. ex: DB name: web1_db1 you can replace the "_" with another caracter. Where is the database creation script? Thanks
This issue is also fixed in newer MySQL versions (as far as I know, in all MySQL 5 releases). Which MySQL version do you use?
This vulnerability seems to be related to MySQL version 3. Why not upgrade your MySQL version? See http://xforce.iss.net/xforce/xfdb/17783 for a full version Code: Platforms Affected: * Canonical Ltd.: Ubuntu 4.10 * Debian: Debian Linux 3.0 * MySQL AB: MySQL prior to 4.0.21 * Red Hat, Inc.: Red Hat Desktop 3 * Red Hat, Inc.: Red Hat Enterprise Linux AS 3 * Red Hat, Inc.: Red Hat Enterprise Linux ES 3 * Red Hat, Inc.: Red Hat Enterprise Linux WS 3 * Various: Any operating system Any version Remedy: Upgrade to the latest version of MySQL (4.0.21 or later), available from the MySQL Web site. See References.
I use MySQL 5.0.22 but the problem is till here. I use phpmyadmin (2.8.0) login with web1_u1 user, I can replace the "_" with another caracter and then click on "create database", the database will be created successfully. Any Idea?
No. Accoprding to MySQL AB they had fixed this bug, thas why we did not change the implementation in ISPConfig
If this is true, you're better served by posting this as a bug on the mysql lists: http://bugs.mysql.com/ If true, the behavioral of MySQL is incorrect and should be fixed at the root.
