Approved changes feed: RSS · Atom
cpe:2.3:a:aio-libs:aiomysql:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Aio Libs (b3735a8e-7383-5512-bfdf-4376fad95ccd) |
|---|---|
| Product | Aiomysql (b9904b97-00a3-5bee-abf9-dedc284d65c6) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-62611 |
vulnerable | 2026-06-08 07:39:16.210294 |
aiomysql allows arbitrary access to client files through vulnerability of a malicious MySQL server
aiomysql is a library for accessing a MySQL database from the asyncio. Prior to version 0.3.0, the client-side settings are not checked before sending local files to MySQL server, which allows obtaining arbitrary files from the client using a rogue server. It is possible to create a rogue MySQL server that emulates authorization, ignores client flags and requests arbitrary files from the client by sending a LOAD_LOCAL instruction packet. This issue has been patched in version 0.3.0.
Published: 2025-10-22T19:29:26.708Z
Updated: 2025-10-22T19:44:02.865Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.