PT-2012-6060 · Mariadb Foundation+2 · Mariadb+2

Huzaifa Sidhpurwala · Published 2012-12-03 · Updated 2024-08-06 · CVE-2012-5613

CVSS v2.0: 6.0 (Medium)

Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

MySQL versions 5.5.19 and possibly other versions
MariaDB versions 5.5.28a and possibly other versions

Description

The issue allows remote authenticated users to gain privileges by leveraging the FILE privilege to create files as the MySQL administrator, when configured to assign the FILE privilege to users who should not have administrative privileges. The vendor disputes this issue, stating that it is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation.

Recommendations

For MySQL version 5.5.19, consider restricting the FILE privilege to only administrative users. For MariaDB version 5.5.28a, consider restricting the FILE privilege to only administrative users. As a temporary workaround, consider disabling the assignment of the FILE privilege to non-administrative users until a proper configuration is in place. Restrict access to sensitive files and directories to minimize the risk of exploitation.
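
One way to check the recommendation above, as an added example that is not part of the original advisory: the script parses SHOW GRANTS output and lists non-administrative accounts that hold FILE globally, either by name or through ALL PRIVILEGES ON *.*, with the REVOKE statement for each. The grant lines and the ADMIN_ACCOUNTS set are constructed assumptions.

```python
import re

# Assumption: accounts the operator treats as administrative.
ADMIN_ACCOUNTS = {("root", "localhost")}

# Constructed SHOW GRANTS output lines (sample data, not from the advisory).
SAMPLE_GRANTS = [
    "GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION",
    "GRANT SELECT, INSERT, FILE ON *.* TO 'webapp'@'%'",
    "GRANT ALL PRIVILEGES ON `shop`.* TO 'shop_rw'@'10.0.0.%'",
    "GRANT ALL PRIVILEGES ON *.* TO 'backup'@'localhost'",
    "GRANT USAGE ON *.* TO 'report'@'%'",
]

GRANT_RE = re.compile(
    r"^GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<scope>\S+)\s+TO\s+"
    r"'(?P<user>[^']*)'@'(?P<host>[^']*)'",
    re.IGNORECASE,
)


def confers_file(privs, scope):
    """FILE is a global privilege: it is held only through a grant ON *.*,
    either by name or as part of ALL [PRIVILEGES]."""
    if scope != "*.*":
        return False
    privs = re.sub(r"\([^)]*\)", "", privs)  # drop column lists, if any
    names = {p.strip().upper() for p in privs.split(",")}
    return bool(names & {"FILE", "ALL", "ALL PRIVILEGES"})


def audit(grant_lines, admins=ADMIN_ACCOUNTS):
    """Return (account, revoke_statement) for each non-admin holder of FILE."""
    findings = []
    for line in grant_lines:
        m = GRANT_RE.match(line.strip())
        if not m or not confers_file(m.group("privs"), m.group("scope")):
            continue
        user, host = m.group("user"), m.group("host")
        if (user, host) in admins:
            continue
        account = f"'{user}'@'{host}'"
        findings.append((account, f"REVOKE FILE ON *.* FROM {account};"))
    return findings


if __name__ == "__main__":
    for account, stmt in audit(SAMPLE_GRANTS):
        print(account, "->", stmt)
```
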


Weakness Enumeration

Related identifiers

CVE-2012-5613

Affected products

Mariadb
Mysql Server
Suse