Yes, you read this correctly: because the MySQL client is insecure and allows running arbitrary commands, and because mysqldump blindly trusts the server it is dumping from, a hostile MySQL Server against which mysqldump is run could trigger arbitrary command execution (also known as remote code execution). This post raises awareness of this vulnerability and shows how a secure MySQL
Jun 19 2024