Exploit for #VU51645 Command Injection in MariaDB

Published: 2021-04-16 | Updated: 2022-04-15

Vulnerability identifier: #VU51645

Vulnerability risk: High

CVSSv3.1: 8.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2021-27928

CWE-ID: CWE-77

Exploitation vector: Network

Exploits in database: 6

April 15, 2022
- CVE-2021-27928 (Pasos a seguir para explotar la vulnerabilidad CVE-2021-27928) [Github]
December 9, 2021
- CVE-2021-27928-POC (CVE-2021-27928-POC) [Github]
June 20, 2021
- CVE-2021-27928 (A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untruste [Github]
June 17, 2021
- MariaDB 10.2 /MySQL - 'wsrep_provider' OS Command Execution [Exploit-DB]
May 20, 2021
- CVE-2021-27928 (CVE-2021-27928 MariaDB/MySQL-'wsrep provider' 命令注入漏洞) [Github]
April 16, 2021
- MariaDB 10.2 Command Execution [Packet Storm]

Impact: Code execution

Vulnerable software:
MariaDB
Server applications / Database software

Vendor: MariaDB Foundation