
Vulnerability: arbitrary file read affects ALL soplann running on MySQL / MariaDB, unless they have disabled local_infile

Posted: 09 Feb 2026, 18:58
by nandoxp
This vulnerability is present because, after a successful installation, your code doesn't check if the database exists so that the code cannot run the installation features, or die:
and if someone has not set local_infile, the attacker is able to read sensitive data:

1. Download this file on GitHub: rmb122/rogue_mysql_server
2. You can send the configuration request and change the IP address (cfgHostname=) to the rogue MySQL server using Burp Suite or any interceptor tool
3. You can retrieve sensitive information such as MySQL credentials
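
A detection sketch for the behaviour described above, as an added example that is not part of the original post or of the project's code: in the MySQL protocol a server asks the client for a file by answering a query with a packet whose first byte is 0xFB followed by the file name, so a reply of that kind to a query that never said LOAD DATA LOCAL is a sign of a rogue server. The exchange layout, the function names and the sample bytes are assumptions constructed for the example.

```python
import re

COM_QUERY = 0x03             # client command byte for a text query
LOCAL_INFILE_REQUEST = 0xFB  # first payload byte of a server file request
LOAD_LOCAL = re.compile(
    rb"\bLOAD\s+(?:DATA|XML)\s+(?:LOW_PRIORITY\s+|CONCURRENT\s+)?LOCAL\b", re.I)

def packets(stream: bytes):
    """Yield (sequence_id, payload) for each complete MySQL packet."""
    off = 0
    while off + 4 <= len(stream):
        length = int.from_bytes(stream[off:off + 3], "little")
        payload = stream[off + 4:off + 4 + length]
        if len(payload) < length:   # truncated capture: stop parsing
            return
        yield stream[off + 3], payload
        off += 4 + length

def unsolicited_file_requests(exchanges):
    """exchanges: (client_bytes, server_bytes) per command, after the handshake.
    Returns file names the server asked for although the client's query
    contained no LOAD DATA LOCAL statement."""
    findings = []
    for client_bytes, server_bytes in exchanges:
        query = b""
        for seq, payload in packets(client_bytes):
            if seq == 0 and payload[:1] == bytes([COM_QUERY]):
                query = payload[1:]
        first = next(packets(server_bytes), None)
        if first is None:
            continue
        # Only the first reply packet counts: in later row packets 0xFB means NULL.
        if first[1][:1] == bytes([LOCAL_INFILE_REQUEST]) and not LOAD_LOCAL.search(query):
            findings.append(first[1][1:].decode("utf-8", "replace"))
    return findings

def pkt(seq: int, payload: bytes) -> bytes:
    """Build one packet: 3-byte little-endian length, sequence id, payload."""
    return len(payload).to_bytes(3, "little") + bytes([seq]) + payload

# Constructed sample traffic (not captured from a real system).
SAMPLE = [
    (pkt(0, b"\x03SELECT 1"), pkt(1, b"\x01")),  # normal result set
    (pkt(0, b"\x03LOAD DATA LOCAL INFILE 'report.csv' INTO TABLE t"),
     pkt(1, b"\xfbreport.csv")),                 # requested by the client
    (pkt(0, b"\x03SET NAMES utf8"),
     pkt(1, b"\xfb/constructed/path/database.inc")),  # unsolicited request
]

if __name__ == "__main__":
    print(unsolicited_file_requests(SAMPLE))
```
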