Attackers can potentially run a malicious MySQL server and gain access to connected data, according to a new security alert.
MySQL has issued a security notice resulting from issues with the LOAD DATA LOCAL, noting that the “statement can load a file located on the server host, or, if the LOCAL keyword is specified, on the client host.”
The design flaw exists in the file transfer interaction between a client host and a MySQL server, according to BleepingComputer. Leveraging this attack would allow a malicious actor to steal sensitive information from a web server that is not properly configured either by enabling connections to untrusted servers or from database management applications.
Falanx Group Ltd (LON:FLX), through its subsidiaries, provides cyber defence and intelligence services to blue chip and government clients worldwide. It operates through Falanx Cyber Defence and Falanx Intelligence divisions.