CVE-2000-0045

MySQL - Unauthenticated Password Modification via GRANT Privilege

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2000-0045. PoCs published by Viktor Fougstedt.

AI-analyzed exploit summary This exploit leverages the default 'test' account in MySQL, which has GRANT privileges and no password, to change the password of the MySQL superuser 'root'. It demonstrates how an attacker can gain full control over the MySQL database by altering the root password.

Description

MySQL allows local users to modify passwords for arbitrary MySQL users via the GRANT privilege.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Viktor Fougstedt · textlocalmultiple
https://www.exploit-db.com/exploits/19721

This exploit leverages the default 'test' account in MySQL, which has GRANT privileges and no password, to change the password of the MySQL superuser 'root'. It demonstrates how an attacker can gain full control over the MySQL database by altering the root password.

Classification
Working Poc 100%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: MySQL (versions affected by CVE-2000-0045)
No auth needed
Prerequisites: MySQL instance with default 'test' account enabled · Network access to the MySQL server
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/926

Scores

EPSS 0.0699
EPSS Percentile 93.4%

Details

Status published
Products (3)
oracle/mysql 3.22.27
oracle/mysql 3.22.29
oracle/mysql 3.23.8
Published Jan 11, 2000
Tracked Since Feb 18, 2026