Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2012-5613: MariaDB vulnerability

CWE-16 | 9 documents | 6 sources

Severity: 6.0 MEDIUM (NVD)
EPSS: 88.8% (top 0.48%)
CISA KEV: Not in KEV
Exploit: PoC available
Timeline: Published Dec 3 | Latest update May 17

Description

MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a and possibly other versions, when configured to assign the FILE privilege to users who should not have administrative privileges, allow remote authenticated users to gain privileges by leveraging the FILE privilege to create files as the MySQL administrator. NOTE: the vendor disputes this issue, stating that this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation.

CVSS vector

AV:N/AC:M/C:P/I:P/A:P
Exploitability: 6.8 | Impact: 6.4

Affected Packages (2 packages)

NVD: oracle/mysql 5.5.19
NVD: mariadb/mariadb 5.5.28a

🔴 Vulnerability Details (1)

GHSA: GHSA-cvqp-6rwh-x2fj: ** DISPUTED ** MySQL 5 (2022-05-17)

💥 Exploits & PoCs (5)

Exploit-DB: Oracle MySQL (Windows) - FILE Privilege Abuse (Metasploit) (2015-01-13)
Exploit-DB: Oracle MySQL (Windows) - MOF Execution (Metasploit) (2012-12-06)
Exploit-DB: MySQL (Linux) - Database Privilege Escalation (2012-12-02)
Metasploit: Oracle MySQL for Microsoft Windows MOF Execution
Metasploit: Oracle MySQL for Microsoft Windows FILE Privilege Abuse

📋 Vendor Advisories (1)

Red Hat: mysql: database privilege escalation using FILE privilege (2012-12-01)

💬 Community (1)

Bugzilla: CVE-2012-5613 mysql: database privilege escalation using FILE privilege (2012-12-02)