Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2003-0150 — Oracle Mysql vulnerability

5 documents5 sources

Severity

9.0CRITICALNVD

EPSS

12.8%

top 5.96%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Oracle Mysql

Timeline

PublishedMar 24

Latest updateApr 29

Description

MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the "SELECT * INFO OUTFILE" operator to overwrite a configuration file and cause mysql to run as root upon restart, as demonstrated by modifying my.cnf.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 8.0 | Impact: 10.0

Affected Packages1 packages

▶NVDoracle/mysql6 versions+5

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-vw24-98xw-c2qv: MySQL 3↗2022-04-29

▶

💥Exploits & PoCs

Exploit-DB

MySQL 3.23.x - 'mysqld' Local Privilege Escalation↗2003-03-08

▶

📋Vendor Advisories

Red Hat

security flaw↗2003-03-08

▶

💬Community

Bugzilla

CVE-2003-0150 security flaw↗2018-08-16

▶