Exploit for #VU57510 Improper input validation in MySQL Connectors

Vulnerability identifier: #VU57510

Vulnerability risk: Medium

CVSSv4.0: 5.3 [CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2021-2471

CWE-ID: CWE-20

Exploitation vector: Network

Exploits in database: 3

• October 24, 2021
  • CVE-2021-2471 () [Github]
  • CVE-2021-2471 (PoC for CVE-2021-2471 - XXE in MySQL Connector/J) [Github]
  • jdbc-sqlxml-xxe (h2-jdbc(https://github.com/h2database/h2database/issues/3195) & mysql-jdbc(CVE-2021-2471) SQLXML XXE vulnerability reproduction.) [Github]

Vulnerable software:
MySQL Connectors
Hardware solutions / Drivers

Vendor: Oracle