6 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
0.973 High
EPSS
Percentile
99.9%
Added: 12/21/2012
CVE: CVE-2012-5613
BID: 56771
OSVDB: 88118
MySQL is an open-source database software package available for multiple platforms.
A database user who has FILE permission can write arbitrary files to the file system, leading to privilege elevation.
Revoke the FILE permission from unprivileged database users, as recommended in the MySQL Reference Manual.
<https://bugzilla.redhat.com/show_bug.cgi?id=882606>
Exploit works on MySQL 5.5.28 on Windows Server 2003, and requires a valid MySQL database login and password to an account with FILE privilege.
Windows