Lucene search
K

5 matches found

Redos
Redos
added 2025/11/24 12:0 a.m.4 views

ROS-20251124-09

The vulnerability of the MySQL database access library aiomysql is related to the fact that client-side settings are not checked before sending local files to a remote MySQL server. client side settings are not checked before sending local files to a remote MySQL server. Exploitation vulnerabilit...

8.2CVSS6.6AI score0.00354EPSS
Exploits0
Veracode
Veracode
added 2025/11/12 9:26 a.m.5 views

Arbitrary Client-Side File Disclosure

aiomysql is vulnerable to Arbitrary Client-Side File Disclosure. The vulnerability is due to the client not validating server requests for local files, and attackers can exploit this by running a rogue MySQL server that sends LOADLOCAL packets to request and retrieve arbitrary files from the clie...

8.2CVSS6.7AI score0.00354EPSS
Exploits0References5Affected Software1
vulnersOsv
vulnersOsv
added 2025/10/22 4:47 p.m.4 views

agent-runtime-server (>=0.0.8 <=0.1.0), ai-application-gateway (>=0.1.1 <=0.1.5) +125 more potentially affected by CVE-2025-62611 via aiomysql (>=0.0.11 <=0.2.0)

aiomysql PYPI version =0.0.11, =0.0.8, =0.1.1, =0.0.1, =1.9.0, =2.10.0, =0.1.0, =0.0.2, =1.0.5, =0.0.154, =0.1.0, =0.1.0, =1.1.1, =3.13.4 and more Source cves: CVE-2025-62611 Source advisory: OSV:GHSA-R397-FF8C-WV2G...

8.2CVSS5.4AI score0.00354EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/10/22 4:47 p.m.4 views

agent-runtime-server (>=0.0.8 <=0.1.0), ai-application-gateway (>=0.1.1 <=0.1.5) +125 more potentially affected by CVE-2025-62611 via aiomysql (>=0.0.11 <=0.2.0)

aiomysql PYPI version =0.0.11, =0.0.8, =0.1.1, =0.0.1, =1.9.0, =2.10.0, =0.1.0, =0.0.2, =1.0.5, =0.0.154, =0.1.0, =0.1.0, =1.1.1, =3.13.4 and more Source cves: CVE-2025-62611 Source advisory: SNYK:PYTHON-AIOMYSQL-13671310...

8.2CVSS5.8AI score0.00354EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2025/10/22 4:47 p.m.12 views

aiomysql allows arbitrary access to client files through vulnerability of a malicious MySQL server

Summary The client-side settings are not checked before sending local files to MySQL server, which allows obtaining arbitrary files from the client using a rogue server. Details It is possible to create a rogue MySQL server that emulates authorization, ignores client flags and requests arbitrary...

8.2CVSS6.5AI score0.00354EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder