CVE-2023-49198

HIGH Year: 2023
CVSS v3 Score
7.5
High
Weakness Type
CWE-552
View all →

Vulnerability Description

Mysql security vulnerability in Apache SeaTunnel. Attackers can read files on the MySQL server by modifying the information in the MySQL URL allowLoadLocalInfile=true&allowUrlInLocalInfile=true&allowLoadLocalInfileInPath=/&maxAllowedPacket=655360 This issue affects Apache SeaTunnel: 1.0.0. Users are recommended to upgrade to version [1.0.1], which fixes the issue.

Related Vulnerabilities

CVE-2017-11746

HIGH
CVSS:7.5(High)

Tenshi 0.15 creates a tenshi.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tensh...

CWE-5522017

CVE-2017-12079

HIGH
CVSS:7.5(High)

Files or directories accessible to external parties vulnerability in picasa.php in Synology Photo Station before 6.8.1-3458 and before 6.3-2970 allows remote attackers to obtain arbitrary files via pr...

CWE-5522017

CVE-2017-2551

HIGH
CVSS:7.5(High)

Vulnerability in Wordpress plugin BackWPup before v3.4.2 allows possible brute forcing of backup file for download.

CWE-5522017

CVE-2018-10863

HIGH
CVSS:7.5(High)

It was discovered that redhat-certification 7 is not properly configured and it lists all files and directories in the /var/www/rhcert/store/transfer directory, through the /rhcert-transfer URL. An un...

CWE-5522018

CVE-2018-10869

HIGH
CVSS:7.5(High)

redhat-certification does not properly restrict files that can be download through the /download page. A remote attacker may download any file accessible by the user running httpd.

CWE-5522018

CVE-2018-16946

HIGH
CVSS:7.5(High)

LG LNB*, LND*, LNU*, and LNV* smart network camera devices have broken access control. Attackers are able to download /updownload/t.report (aka Log & Report) files and download backup files (via downl...

CWE-5522018