CVE-2018-15768
Insecure MySQL Configuration Vulnerability
Vexday Risk Score
23Low
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS —EPSS 9.1%KEV nãoPoC públicaNuclei —Metasploit —Patch —
Lifecycle
14 Nov 2018Public PoC
30 Nov 2018Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
In short
Dell OpenManage Network Manager versions before 6.5.0 had an insecure MySQL setup that allowed database users to read and write files on the server. This could let attackers access sensitive data or modify system files.
Technical detail
The vulnerability stems from insecure default MySQL configuration in embedded database instances, granting FILE privilege to database users without restriction. An attacker with database access can leverage INTO OUTFILE/LOAD_FILE functionality to exfiltrate sensitive files or inject malicious content into the filesystem, potentially leading to privilege escalation or code execution depending on file permissions.
Summary generated and translated by AI from the official description.
Dell OpenManage Network Manager versions prior to 6.5.0 enabled read/write access to the file system for MySQL users due to insecure default configuration setting for the embedded MySQL database.
Affected products
Dell · OpenManage Network Managerpublic PoCs found — 2
cve_referencewww.exploit-db.com/exploits/45852/unverifiedexploitdbwww.exploit-db.com/exploits/45852unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →