Control Web Panel

WebPanel => MySQL => Topic started by: ripieces on September 13, 2016, 11:27:18 AM

Title: Severe MySQL / MariaDB / Percona security issue (remote root code execution)
Post by: ripieces on September 13, 2016, 11:27:18 AM
http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html (http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html)

In short as far as I understand it a tiny SQL Injection on any of your websites or legit phpMyAdmin access can be used in many cases to execute arbitrary code with root rights.

It seems there are already patches available for MariaDB / Percona, however none for MySQL yet.

So keep an eye out for the security updates to come and don't forget to install them when they are available!

Do not blame the CWP guys please - this is a general issue that affects any installations that use these database software.