Advertisement
Top

A flaw in MySQL could allow rogue servers to steal files from clients

January 22, 2019

Via: Security Affairs
Category:

A rogue MySQL server could be used to steal files from clients due to a design flaw in the popular an open source relational database management system (RDBMS).

The flaw resides in the file transfer process between a client host and a MySQL server, it could be exploited by an attacker running a rogue MySQL server to access any data that could be read by the client.

The issue ties with the LOAD DATA statement used with the LOCAL modifier. The LOAD DATA statement can load a file located on the server, and if the LOCAL keyword is used in the request, on the client host.

Read More on Security Affairs

RELATED PUBLICATIONS

API sprawl: navigating the web of connectivity and security challenges
NIST updates Cybersecurity Framework after a decade of lessons
Giant leak reveals Chinese infosec vendor I-Soon is one of Beijing’s cyber-attackers for hire

Latest Publications

AI set to play key role in future phishing attacks
U.S. Gov imposed Visa restrictions on 13 individuals linked to commercial spyware activity
5 Hard Truths About the State of Cloud Security 2024
Security Curated Copyright © 2024. All rights reserved
Go to ITCurated!