Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Command injection in gh-ost
Vulnerability Description
gh-ost is a triggerless online schema migration solution for MySQL. Versions prior to 1.1.3 are subject to an arbitrary file read vulnerability. The attacker must have access to the target host or trick an administrator into executing a malicious gh-ost command on a host running gh-ost, plus network access from host running gh-ost to the attack's malicious MySQL server. The `-database` parameter does not properly sanitize user input which can lead to arbitrary file reads.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Vulnerability Type
N/A
Vulnerability Title
gh-ost 输入验证错误漏洞
Vulnerability Description
gh-ost是一个 MySQL 的无触发在线模式迁移解决方案。它是可测试的,并提供可暂停性、动态控制/重新配置、审计和许多操作特权。 gh-ost 存在输入验证错误漏洞,该漏洞源于存在任意文件读取漏洞。攻击者可利用该漏洞导致任意文件读取。
CVSS Information
N/A
Vulnerability Type
N/A