CVE-2009-4030
CWE-59Published: November 30, 2009· Updated: Jun 16, 2026
Official Description
MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079.
Technical Analysis
CVE-2009-4030 requires local access, meaning attackers must already have a foothold on the target system.
Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.
CVSS v3.1 Vector Breakdown
Affected Vendors & Products
Exploit & PoC Resources
All References (42)
Quick Facts
Related CVEs (CWE-59)
Recommended Actions
- →Apply vendor patches immediately
- →Monitor CVE-2009-4030 in threat intel feeds
- →Review IDS/IPS signatures for exploitation attempts