I. Basic Information for CVE-2016-6662
Vulnerability Information


Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Oracle MySQL Remote Code Execution / Privilege Escalation Vulnerability
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
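Oracle MySQL is an open-source relational database management system from Oracle (USA). The database system is characterized by high performance, low cost, and good reliability. The configuration file (my.cnf) in Oracle MySQL has a remote code execution vulnerability. An attacker (local or remote) with authorized access to the MySQL database (over a network connection or a web interface such as phpMyAdmin), or by way of SQL injection, can exploit this vulnerability to inject malicious database configuration into the configuration file, resulting in arbitrary code execution with root privileges and complete control of the affected server. The following versions are affected: Oracle MySQL 5.5.52 and earlier, 5.6.x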
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
Vendor | Product | Affected Versions | CPE
- | n/a | n/a | -
II. Public POCs for CVE-2016-6662
# | POC Description | Source Link
1 | MySQL server CVE-2016-6662 patch playbook | https://github.com/konstantin-kelemen/mysqld_safe-CVE-2016-6662-patch
2 | Simple ansible playbook to patch mysql servers against CVE-2016-6662 | https://github.com/meersjo/ansible-mysql-cve-2016-6662
3 | research CVE-2016-6662 | https://github.com/KosukeShimofuji/CVE-2016-6662
4 | 0ldSQL_MySQL_RCE_exploit.py (ver. 1.0) (CVE-2016-6662) MySQL Remote Root Code Execution / Privesc PoC Exploit For testing purposes only. Do no harm. | https://github.com/Ashrafdev/MySQL-Remote-Root-Code-Execution
5 | None | https://github.com/boompig/cve-2016-6662
6 | From SQL injection to root shell with CVE-2016-6662 by MaYaSeVeN | https://github.com/MAYASEVEN/CVE-2016-6662
7 | This lab dedicated to learning penetration testing skill with CVE-2016-6662: MySQL Remote Root Code Execution | https://github.com/LSQUARE14/SQL_to_RCE_Lab
8 | CVE-2016-6662, but a lab version in Kanya's style. From a trivial SQL injection → can become a full server takeover. Good for practice and flexing on forums; don't use it on other people's servers. | https://github.com/kanyaars/CVE-2016-6662