Apache ShardingSphere-Proxy prior to 5.3.0 when using MySQL as database backend didn't cleanup the database session completely after client authentication failed, which allowed an attacker to execute normal commands by constructing a special MySQL client. This vulnerability has been fixed in Apache ShardingSphere 5.3.0.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HApache Shardingsphere
APPApache< 5.3.0
Powiązane podatności
In Apache ShardingSphere(incubator) 4.0.0-RC3 and 4.0.0, the ShardingSphere's web console uses the SnakeYAML l...
Deserialization of Untrusted Data vulnerability in Apache ShardingSphere-Agent, which allows attackers to exec...
Apache Tomcat: Path Equivalence prowadzący do RCE i ujawnienia danych
Apache OFBiz — nieautoryzowane wykonanie kodu przez błędną autoryzację
Apache HTTP Server mod_rewrite — ujawnienie kodu i RCE poprzez błędne escapowanie