Bug #53371: COM_FIELD_LIST can be abused to bypass table level grants.
The server was not checking the supplied to COM_FIELD_LIST table name for validity and compliance to acceptable table names standards. Fixed by checking the table name for compliance similar to how it's normally checked by the parser and returning an error message if it's not compliant.
Showing
Please register or sign in to comment