CVE-2023-21887

MEDIUM

MySQL Server 8.0.0-8.0.31 - Authenticated Denial of Service in GIS Component

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-21887. PoCs published by zwxxb.

AI-analyzed exploit summary: This Python script exploits CVE-2023-21887 by sending a crafted HTTP request to a vulnerable endpoint, triggering a reverse shell payload. It includes functionality to scan multiple targets from a list and log vulnerable hosts.

Description

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: GIS). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Exploits (1)

nomisec WORKING POC 2 stars
by zwxxb · poc
https://github.com/zwxxb/CVE-2023-21887

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Unknown (likely a web application with a vulnerable API endpoint)
No auth needed
Prerequisites: List of target URLs · Network connectivity to targets · Python environment with httpx library
devstral-2 · analyzed Feb 16, 2026

References (1)

Core References
Patch, Vendor Advisory: https://www.oracle.com/security-alerts/cpujan2023.html

Scores

CVSS v3 4.9
EPSS 0.4313
EPSS Percentile 98.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

Status published
Products (1)
oracle/mysql 8.0.0 - 8.0.31
Published Jan 18, 2023
Tracked Since Feb 18, 2026