18 matches found
CVE-2026-40899
DataEase
EUVD-2020-6193
Malware in sbrugna...
EUVD-2022-3732
Malicious code in bioql PyPI...
CVE-2020-14027
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The database connection strings accept custom unsafe arguments, such as ENABLELOCALINFILE, that can be leveraged by attackers to enable MySQL Load Data Local rogue MySQL server attacks...
Exploit for Command Injection in Apache Airflow
Apache Airflow SQL injection PoC CVE-2023-22884 PoC for C...
MySQL for Node.js Unsafe Options
An issue was discovered in the mysql aka mysqljs module 2.17.1 for Node.js. The LOAD DATA LOCAL INFILE option is open by default...
GHSA-F982-MXWC-3MRX MySQL for Node.js Unsafe Options
An issue was discovered in the mysql aka mysqljs module 2.17.1 for Node.js. The LOAD DATA LOCAL INFILE option is open by default...
CVE-2020-14027
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The database connection strings accept custom unsafe arguments, such as ENABLELOCALINFILE, that can be leveraged by attackers to enable MySQL Load Data Local rogue MySQL server attacks...
Code injection
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The database connection strings accept custom unsafe arguments, such as ENABLELOCALINFILE, that can be leveraged by attackers to enable MySQL Load Data Local rogue MySQL server attacks...
CVE-2020-14027
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The database connection strings accept custom unsafe arguments, such as ENABLELOCALINFILE, that can be leveraged by attackers to enable MySQL Load Data Local rogue MySQL server attacks...
CVE-2020-14027
CVE-2020-14027 affects Ozeki NG SMS Gateway up to version 4.17.6, where database connection strings accept custom unsafe arguments (e.g., ENABLE_LOCAL_INFILE). This enables MySQL LOAD DATA LOCAL INFILE attacks via rogue servers. The connected sources confirm the vulnerable component as the databa...
Infogram: LFI through the MySQL connection
Hello team! I've found a way to read Infogram's server local files through the MySQL connection. The problem is that you're using the LOAD DATA LOCAL feature with your MySQL client. This how an attacker can easily send server's local files to her/his database. I've successfully readed the...
PT-2019-9040 · Clickhouse · Clickhouse Mysql Client
Name of the Vulnerable Software and Affected Versions: ClickHouse MySQL client versions prior to 1.1.54390 Description: The issue concerns the "LOAD DATA LOCAL INFILE" functionality in the ClickHouse MySQL client, which was enabled and allowed a malicious MySQL database to read arbitrary files fr...
Buffer overflow
An issue was discovered in the mysql aka mysqljs module 2.17.1 for Node.js. The LOAD DATA LOCAL INFILE option is open by default...
UBUNTU-CVE-2019-14939
An issue was discovered in the mysql aka mysqljs module 2.17.1 for Node.js. The LOAD DATA LOCAL INFILE option is open by default...
CVE-2019-14939
An issue was discovered in the mysql aka mysqljs module 2.17.1 for Node.js. The LOAD DATA LOCAL INFILE option is open by default...
Internet Bug Bounty: Incorrect logic in MySQL & MariaDB protocol leads to remote SSRF/Remote file read
Overview Wrong logic in realization of LOAD DATA LOCAL INFILE function leads to remote attacker can read files from server. Problem exists in many MySQL-drivers and frameworks, on many programming languages, like Python, Java, PHP etc. For exploitation this vulnerability we need to connect to our...
CVE-2007-3997
The 1 MySQL and 2 MySQLi extensions in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to bypass safemode and openbasedir restrictions via MySQL LOCAL INFILE operations, as demonstrated by a query with LOAD DATA LOCAL INFILE...