Added: 12/21/2012
CVE: CVE-2012-5613
BID: 56771
OSVDB: 88118
MySQL is an open-source database software package available for multiple platforms.
A database user who has FILE permission can write arbitrary files to the file system, leading to privilege elevation.
Revoke the FILE permission from unprivileged database users, as recommended in the MySQL Reference Manual.
<https://bugzilla.redhat.com/show_bug.cgi?id=882606>
Exploit works on MySQL 5.5.28 on Windows Server 2003, and requires a valid MySQL database login and password to an account with FILE privilege.
Windows