Tuesday, 13 September 2016

Critical zero-day vulnerabilities in MySQL allow hackers to takeover your servers

After Apple, cybersecurity researchers have now uncovered two zero-day vulnerabilities in the biggest open-source database management application, MySQL. These vulnerabilities can allow hackers to inject malicious code and take over your databases. This vulnerability could prove fatal for most businesses whose data is connected and stored in one or the other databases.

The zero-day vulnerabilities, CVE-2016-6662 and CVE-2016-6663, uncovered by independent Polish security researcher Dawid Golunski affects all of the currently supported versions of the software. It not only affects the default configuarations of MySQL, but other database vendors, MariaDB and PerconaDB, who’ve used MySQL engine in the past as well.

The vulnerabilties can be exploited by both local and remote attackers, but they do require authentication access to the MySQL database via a direct network connection or web interfaces such as phpMyAdmin.  For the full article click here 



from hacker samurai http://ift.tt/2coxCVw
via IFTTT

No comments:

Post a Comment