Privilege Elevation Vulnerability in MySQL and MariaDB Products
CVE-2012-5613

Currently unrated

Key Information:

Vendor

Mariadb

Status
Mariadb
Mysql
Vendor
CVE Published:
3 December 2012

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 88%

What is CVE-2012-5613?

A configuration flaw in MySQL and MariaDB can enable remote authenticated users to gain elevated privileges by exploiting the FILE privilege meant for administrators. This issue arises when the FILE privilege is incorrectly assigned to users lacking administrative rights. While the vendor argues that adherence to installation documentation mitigates this risk, the potential for exploitation remains a significant concern for database security.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

UDFPwn-CVE-2012-5613
Created by w4fz5uck5

References

http://secunia.com/advisories/53372
third-party-advisory
http://www.openwall.com/lists/oss-security/2012/12/02/3
mailing-list
http://security.gentoo.org/glsa/glsa-201308-06.xml
vendor-advisory

EPSS Score

88% chance of being exploited in the next 30 days.

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.