MySQL is Vulnerable to Server Root Access Vulnerability(Exploit Released)

7 years ago
Mysql e1512456897786

Mysql e1512456897786

Critical vulnerabilities have been found in one of the most popular databases i.e. MySQL.

David Golunski, a security researcher discovered two zero days, which allow an attacker to access the complete database. All the current supported versions of MySQL are vulnerable to this vulnerability.

  • MySQL Remote Root Code Execution (CVE-2016-6662)
  • Privilege Escalation (CVE-2016-6663)

Earlier David Golunski published exploit for CVE-2016-6662  at his blog. He reported this issue to Oracle but they didn’t fix it.

Golunski promised to publish exploit for another bug(CVE-2016-6663) too.
Both the vulnerabilities affect MySQL version 5.5.51 and earlier, MySQL version 5.6.32 and earlier, and MySQL version 5.7.14 and earlier, as well as MySQL forks – Percona Server and MariaDB.
Now Golunski has published the proof-of-concept exploit code for both the vulnerabilities.
Exploit 1
Exploit 2
The vulnerabilities have been fixed by their vendors and released a security patch for these.

 

 

Author: Yogesh Prasad

Information Security Professional | Cyber Security Expert | Ethical Hacker | Founder – Hackers Interview

Twitter Facebook Linkedin

More Stories

Safeguarding Your Organization: The Human Factor in Cybersecurity

Safeguarding Your Organization: The Human Factor in Cybersecurity

1 year ago

The Dark Web: Understanding the Threats and Risks

1 year ago
Cybersecurity Predictions for 2023 -Emerging Threats and Mitigation Strategies

Cybersecurity Predictions for 2023: Emerging Threats and Mitigation Strategies

1 year ago

Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe Us