CVE-2016-6662
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2016-6662
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Oracle MySQL 远程代码执行漏洞/提权漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Oracle MySQL是美国甲骨文(Oracle)公司的一套开源的关系数据库管理系统。该数据库系统具有性能高、成本低、可靠性好等特点。 Oracle MySQL中的配置文件(my.cnf)存在远程代码执行漏洞。攻击者(本地或远程)可通过授权访问MySQL数据库(网络连接或类似phpMyAdmin的Web接口)或SQL注入方式,利用该漏洞向配置文件中注入恶意的数据库配置,导致以root权限执行任意代码,完全控制受影响的服务器。以下版本受到影响:Oracle MySQL 5.5.52及之前的版本,5.6.x
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Shenlong Deep Dive — AI Deep Analysis
10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2016-6662
| # | POC Description | Source Link | Shenlong Link |
|---|---|---|---|
| 1 | MySQL server CVE-2016-6662 patch playbook | https://github.com/konstantin-kelemen/mysqld_safe-CVE-2016-6662-patch | POC Details |
| 2 | Simple ansible playbook to patch mysql servers against CVE-2016-6662 | https://github.com/meersjo/ansible-mysql-cve-2016-6662 | POC Details |
| 3 | research CVE-2016-6662 | https://github.com/KosukeShimofuji/CVE-2016-6662 | POC Details |
| 4 | 0ldSQL_MySQL_RCE_exploit.py (ver. 1.0) (CVE-2016-6662) MySQL Remote Root Code Execution / Privesc PoC Exploit For testing purposes only. Do no harm. | https://github.com/Ashrafdev/MySQL-Remote-Root-Code-Execution | POC Details |
| 5 | None | https://github.com/boompig/cve-2016-6662 | POC Details |
| 6 | From SQL injection to root shell with CVE-2016-6662 by MaYaSeVeN | https://github.com/MAYASEVEN/CVE-2016-6662 | POC Details |
| 7 | This lab dedicated to learning penetration testing skill with CVE-2016-6662: MySQL Remote Root Code Execution | https://github.com/LSQUARE14/SQL_to_RCE_Lab | POC Details |
| 8 | CVE-2016-6662, tapi versi lab ala Kanya. Dari SQL Injection receh → bisa jadi full server takeover. Cocok buat latihan dan flexing di forum, jangan dipake ke server orang. | https://github.com/kanyaars/CVE-2016-6662 | POC Details |
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2016-6662
请登录查看更多情报信息。
- https://jira.mariadb.org/browse/MDEV-10465x_refsource_CONFIRM
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.htmlx_refsource_CONFIRM
- https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/x_refsource_CONFIRM
- https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/x_refsource_CONFIRM
- https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/x_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2016-6662
Same Patch Batch · n/a · 2016-09-20 · 22 CVEs total
| CVE-2015-8924 | libarchive 安全漏洞 | |
| CVE-2015-8934 | libarchive 安全漏洞 | |
| CVE-2015-8933 | libarchive 整数溢出漏洞 | |
| CVE-2015-8932 | libarchive 拒绝服务漏洞 | |
| CVE-2015-8931 | libarchive 整数溢出漏洞 | |
| CVE-2015-8930 | libarchive 安全漏洞 | |
| CVE-2015-8929 | libarchive 内存泄露漏洞 | |
| CVE-2015-8928 | libarchive 安全漏洞 | |
| CVE-2015-8927 | libarchive 安全漏洞 | |
| CVE-2015-8926 | libarchive 安全漏洞 | |
| CVE-2015-8925 | libarchive 安全漏洞 | |
| CVE-2016-6802 | Apache Shiro 远程安全绕过漏洞 | |
| CVE-2015-8923 | libarchive 安全漏洞 | |
| CVE-2015-8922 | libarchive 安全漏洞 | |
| CVE-2015-8921 | libarchive 拒绝服务漏洞 | |
| CVE-2015-8920 | libarchive 安全漏洞 | |
| CVE-2015-8919 | libarchive 安全漏洞 | |
| CVE-2015-8918 | libarchive 安全漏洞 | |
| CVE-2015-8917 | libarchive 安全漏洞 | |
| CVE-2015-8916 | libarchive 安全漏洞 |
Showing top 20 of 22 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same vendor: n/a
- CVE-2026-8276
bettercap MySQL Server mysql_server.go integer coercion - CVE-2026-8275
bettercap zerogod IPP Service zerogod_ipp_primitives.go ippR - CVE-2026-8270
Open5GS SMF ogs_nas_parse_qos_rules denial of service - CVE-2026-8269
Open5GS SMF smf_nsmf_handle_create_sm_context denial of serv - CVE-2026-8268
Open5GS SMF OpenAPI_list_create denial of service
V. Comments for CVE-2016-6662
No comments yet