CVE-2012-5615

Oracle MySQL <5.5.38 & MariaDB <5.5.28a - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2012-5615. PoCs published by kingcope.

AI-analyzed exploit summary: This exploit leverages a post-authentication UDF (User Defined Function) technique to achieve remote code execution on MySQL Windows systems, resulting in a SYSTEM-level reverse shell. It requires compiling a custom payload DLL and the exploit binary, then executing it with valid MySQL credentials.

Description

Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames.

Exploits (2)

exploitdb WORKING POC VERIFIED
by kingcope · text · remote · windows
https://www.exploit-db.com/exploits/23073

This exploit leverages a post-authentication UDF (User Defined Function) technique to achieve remote code execution on MySQL Windows systems, resulting in a SYSTEM-level reverse shell. It requires compiling a custom payload DLL and the exploit binary, then executing it with valid MySQL credentials.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Oracle MySQL on Windows (specific version not specified)
Auth required
Prerequisites: Valid MySQL admin credentials · MySQL client libraries and headers for compilation · MinGW or Wine for payload DLL compilation · Open reverse shell port on attacker machine
devstral-2 · analyzed Feb 16, 2026

exploitdb SCANNER VERIFIED
by kingcope · perl · remote · multiple
https://www.exploit-db.com/exploits/23081

This script enumerates MySQL user accounts by exploiting a timing difference in authentication responses between MySQL 4.x and 5.x servers. It uses a wordlist to test usernames and identifies valid accounts based on the server's error message.

Classification: Scanner 95%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: MySQL 5.x (with old authentication mechanism)
No auth needed
Prerequisites: Network access to MySQL server (port 3306) · Wordlist of potential usernames
devstral-2 · analyzed Feb 18, 2026

References (11)

Core References
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2013:102
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/53372
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/12/02/3
Mailing List mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2012/Dec/9
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-201308-06.xml
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/12/02/4
Various Sources x_refsource_confirm
https://mariadb.atlassian.net/browse/MDEV-3909

Scores

EPSS 0.2387
EPSS Percentile 96.2%

Details

CWE: CWE-200
Status: published
Products (5):
mariadb/mariadb 5.1.66
mariadb/mariadb 5.2.13
mariadb/mariadb 5.3.11
mariadb/mariadb 5.5.28a
oracle/mysql 5.5.19
Published: Dec 03, 2012
Tracked Since: Feb 18, 2026