Among other issues reported, the most critical flaw in the July CPU 2016, rated CVSS v3.0 base score 8.1, is the Server Parser subcomponent issue(CVE-2016-3477) and one of our findings.
Versions 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier are affected. The zero-day permits unauthenticated users with login access to the infrastructure where MySQL Server executes to successfully compromise and take over the database server.
Versions 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier are affected. The zero-day permits unauthenticated users with login access to the infrastructure where MySQL Server executes to successfully compromise and take over the database server.
https://www.exploit-db.com/docs/40143.pdf
[ reply ]