CVE-2012-5613 — Vulnetix

Try Vulnetix Request Demo

CVE-2012-5613 PUBLISHED CVSS 6 MEDIUM

** DISPUTED ** MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a and possibly other versions, when configured to assign the FILE privilege to users who should not have administrative privileges, allows remote authenticated users to gain privileges by leveraging the FILE privilege to create files as the MySQL administrator. NOTE: the vendor disputes this issue, stating that this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation. NOTE: it could be argued that this should not be included in CVE because it is a configuration issue.

EPSS 88.75% · 99.5th percentile

Risk Scores

CVSS v2.0

6

EPSS Score

88.75%

99.5th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
mariadb	mariadb	5.5.28a
oracle	mysql	5.5.19

Timeline

Dec 3, 2012 CVE Published
Dec 6, 2012 PoC Published
May 29, 2018 PoC Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Nov 16, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score

References

53372 third-party-advisory
[oss-security] 20121202 Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday mailing-list
GLSA-201308-06 vendor-advisory
[oss-security] 20121202 Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday mailing-list
SUSE-SU-2013:0262 vendor-advisory
20121201 MySQL (Linux) Database Privilege Elevation Zeroday Exploit mailing-list
https://nvd.nist.gov/vuln/detail/CVE-2012-5613 advisory

Open in Interactive Console →