← Back

CVE-2012-5613

nvd nist
Published: Dec 3, 2012Modified: Apr 29, 2026

JSON object

Loading...
6.0
Vector
AV:N/AC:M/Au:S/C:P/I:P/A:P
Exploitability: 6.8 / Impact: 6.4
Source: NVD

Description

MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a and possibly other versions, when configured to assign the FILE privilege to users who should not have administrative privileges, allows remote authenticated users to gain privileges by leveraging the FILE privilege to create files as the MySQL administrator. NOTE: the vendor disputes this issue, stating that this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation. NOTE: it could be argued that this should not be included in CVE because it is a configuration issue.

Affected (2)

Products: Mariadb: Mariadb · Oracle: Mysql
Mariadb
1 product
Mariadb
Oracle
1 product
Mysql
Configuration A
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Mariadb
Version 5.5.28a
Mysql
Version 5.5.19
Running on/withPlatform Versions
Linux
Linux Kernel
All versions

Related CWEs

CWE-16
CWE-16

References (12)

Source: secalert@redhat.com
Mailing ListThird Party Advisory
Source: secalert@redhat.com
ExploitMailing ListThird Party Advisory
Source: secalert@redhat.com
Broken Link
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Mailing ListThird Party Advisory
Source: secalert@redhat.com
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitMailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory

Timeline

No history available yet.