Lucene search
K

13 matches found

CVE
CVE
•added yesterday•5 views

CVE-2026-47199

Frappe’s check_safe_sql_query could allow SELECT INTO OUTFILE on self-hosted deployments if database permissions align and MySQL FILE privileges are present. Affected versions: prior to 16.18.3 and 15.108.0. Fixed in 16.18.3 and 15.108.0. CVSS v4.0 base score 2.3 (LOW). Impact is limited to confi...

2.3CVSS6.1AI score
Exploits0References7
OSV
OSV
•added 2026/06/16 11:47 a.m.•4 views

BIT-MARIADB-2026-44173 MariaDB: FILE privilege was not checked for subqueries in the FROM clause

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB allowed SELECT ... INTO OUTFILE and SELECT ... INTO DUMPFILE without verifying the FILE privileg...

8.1CVSS5.2AI score0.00399EPSS
Exploits0References13
OSV
OSV
•added 2026/06/12 6:16 p.m.•9 views

ALPINE-CVE-2026-44173

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB allowed SELECT ... INTO OUTFILE and SELECT ... INTO DUMPFILE without verifying the FILE privileg...

5.3CVSS5.2AI score0.00399EPSS
Exploits0References1
NVD
NVD
•added 2026/06/12 6:16 p.m.•13 views

CVE-2026-44173

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB allowed SELECT ... INTO OUTFILE and SELECT ... INTO DUMPFILE without verifying the FILE privileg...

8.1CVSS0.00399EPSS
Exploits0References12
EUVD
EUVD
•added 2026/06/12 5:34 p.m.•10 views

EUVD-2026-36518

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB allowed SELECT ... INTO OUTFILE and SELECT ... INTO DUMPFILE without verifying the FILE privileg...

5CVSS5.2AI score0.00399EPSS
Exploits0References2
CVE
CVE
•added 2026/06/12 5:34 p.m.•56 views

CVE-2026-44173

CVE-2026-44173 affects the MariaDB server (community fork of MySQL). From the provided data, the vulnerability allows the FILE privilege to be bypassed for SELECT ... INTO OUTFILE and SELECT ... INTO DUMPFILE when the FROM clause contains only subqueries. This behavior exists in MariaDB versions ...

8.1CVSS5.2AI score0.00399EPSS
Exploits0References12Affected Software1
Cvelist
Cvelist
•added 2026/06/12 5:34 p.m.•48 views

CVE-2026-44173 MariaDB: FILE privilege was not checked for subqueries in the FROM clause

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB allowed SELECT ... INTO OUTFILE and SELECT ... INTO DUMPFILE without verifying the FILE privileg...

5CVSS0.00399EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/12 5:34 p.m.•14 views

CVE-2026-44173 MariaDB: FILE privilege was not checked for subqueries in the FROM clause

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB allowed SELECT ... INTO OUTFILE and SELECT ... INTO DUMPFILE without verifying the FILE privileg...

5CVSS5.3AI score0.00399EPSS
Exploits0References2
OSV
OSV
•added 2025/12/10 11:5 p.m.•5 views

CVE-2025-67509 MySQLSelectTool Read-Only Bypass via SELECT INTO OUTFILE Allows Arbitrary File Write

Neuron is a PHP framework for creating and orchestrating AI Agents. Versions 2.8.11 and below use MySQLSelectTool, which is vulnerable to Read-Only Bypass. MySQLSelectTool is intended to be a read-only SQL tool e.g., for LLM agent querying, however, validation based on the first keyword e.g.,...

8.2CVSS7.8AI score0.00253EPSS
Exploits0References5
Vulnrichment
Vulnrichment
•added 2025/12/10 11:5 p.m.•5 views

CVE-2025-67509 MySQLSelectTool Read-Only Bypass via SELECT INTO OUTFILE Allows Arbitrary File Write

Neuron is a PHP framework for creating and orchestrating AI Agents. Versions 2.8.11 and below use MySQLSelectTool, which is vulnerable to Read-Only Bypass. MySQLSelectTool is intended to be a read-only SQL tool e.g., for LLM agent querying, however, validation based on the first keyword e.g.,...

8.2CVSS7.6AI score0.00253EPSS
Exploits0References3
EUVD
EUVD
•added 2025/12/10 11:5 p.m.•6 views

EUVD-2025-202171

Neuron is a PHP framework for creating and orchestrating AI Agents. Versions 2.8.11 and below use MySQLSelectTool, which is vulnerable to Read-Only Bypass. MySQLSelectTool is intended to be a read-only SQL tool e.g., for LLM agent querying, however, validation based on the first keyword e.g.,...

8.2CVSS7.4AI score0.00253EPSS
Exploits0References4
OSV
OSV
•added 2019/06/07 5:29 p.m.•3 views

CVE-2018-19462

admin\db\DoSql.php in EmpireCMS through 7.5 allows remote attackers to execute arbitrary PHP code via SQL injection that uses a .php filename in a SELECT INTO OUTFILE statement to admin/admin.php...

7.2CVSS6.1AI score0.0221EPSS
Exploits1References4
seebug.org
seebug.org
•added 2014/07/01 12:0 a.m.•20 views

MySQL 3.23.x mysqld Privilege Escalation Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7052/info A vulnerability has been discovered for MySQL that may allow the mysqld service to start with elevated privileges. An attacker can exploit this vulnerability by creating a DATADIR/my.cnf that includes the line...

7.1AI score
Exploits0
Rows per page
Query Builder