CWE-250
AllowedExecution with Unnecessary Privileges
Abstraction: Base · Status: Draft
The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.
573 vulnerabilities reference this CWE, most recent first.
GHSA-GP5F-CX7H-8Q6F
Vulnerability from github – Published: 2025-10-30 12:31 – Updated: 2025-10-30 17:09User with CREATE and no UPDATE privilege for Pools, Connections, Variables could update existing records via bulk create API with overwrite action.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "apache-airflow"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.1.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-62503"
],
"database_specific": {
"cwe_ids": [
"CWE-250"
],
"github_reviewed": true,
"github_reviewed_at": "2025-10-30T17:09:32Z",
"nvd_published_at": "2025-10-30T10:15:35Z",
"severity": "MODERATE"
},
"details": "User with CREATE and no UPDATE privilege for Pools, Connections, Variables could update existing records via bulk create API with overwrite action.",
"id": "GHSA-gp5f-cx7h-8q6f",
"modified": "2025-10-30T17:09:32Z",
"published": "2025-10-30T12:31:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62503"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/airflow"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/ov923dyccwbv01v9mhcv7t7ykzobycfo"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2025/10/29/8"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Apache Airflow\u0027s create action can upsert existing Pools/Connections/Variables"
}
GHSA-GQ47-9C3W-7RRC
Vulnerability from github – Published: 2026-05-13 18:30 – Updated: 2026-05-13 18:30A vulnerability exists in BIG-IP scripted monitors that may allow an authenticated attacker with the Resource Administrator or Administrator role to execute arbitrary system commands with higher privileges. In appliance mode deployments, a successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
{
"affected": [],
"aliases": [
"CVE-2026-32673"
],
"database_specific": {
"cwe_ids": [
"CWE-250"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-13T16:16:39Z",
"severity": "HIGH"
},
"details": "A vulnerability exists in BIG-IP scripted monitors that may allow an authenticated attacker with the Resource Administrator or Administrator role to execute arbitrary system commands with higher privileges. In appliance mode deployments, a successful exploit can allow the attacker to cross a security boundary.\u00a0\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
"id": "GHSA-gq47-9c3w-7rrc",
"modified": "2026-05-13T18:30:54Z",
"published": "2026-05-13T18:30:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32673"
},
{
"type": "WEB",
"url": "https://my.f5.com/manage/s/article/K000161040"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-GWH4-PXRM-9FF9
Vulnerability from github – Published: 2025-10-31 15:30 – Updated: 2025-10-31 15:30IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow a non-root user to gain higher privileges/capabilities within the scope of a container due to execution with unnecessary privileges.
{
"affected": [],
"aliases": [
"CVE-2025-33003"
],
"database_specific": {
"cwe_ids": [
"CWE-250"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-31T13:15:33Z",
"severity": "HIGH"
},
"details": "IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow a non-root user to gain higher privileges/capabilities within the scope of a container due to execution with unnecessary privileges.",
"id": "GHSA-gwh4-pxrm-9ff9",
"modified": "2025-10-31T15:30:31Z",
"published": "2025-10-31T15:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33003"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7246684"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GWJ6-XPFG-PXWR
Vulnerability from github – Published: 2025-09-08 20:59 – Updated: 2025-09-10 21:05Impact
The blog application in XWiki allowed remote code execution for any user who has edit right on any page. Normally, these are all logged-in users as they can edit their own user profile. To exploit, it is sufficient to add an object of type Blog.BlogPostClass to any page and to add some script macro with the exploit code to the "Content" field of that object.
Patches
The vulnerability has been patched in the blog application version 9.14 by executing the content of blog posts with the rights of the appropriate author.
Workarounds
We're not aware of any workarounds.
Resources
- https://jira.xwiki.org/browse/BLOG-191
- https://github.com/xwiki-contrib/application-blog/commit/b98ab6f17da3029576f42d12b4442cd555c7e0b4
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.xwiki.contrib.blog:application-blog-ui"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.14"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-58365"
],
"database_specific": {
"cwe_ids": [
"CWE-250",
"CWE-94",
"CWE-95"
],
"github_reviewed": true,
"github_reviewed_at": "2025-09-08T20:59:47Z",
"nvd_published_at": "2025-09-08T22:15:34Z",
"severity": "HIGH"
},
"details": "### Impact\nThe blog application in XWiki allowed remote code execution for any user who has edit right on any page. Normally, these are all logged-in users as they can edit their own user profile. To exploit, it is sufficient to add an object of type `Blog.BlogPostClass` to any page and to add some script macro with the exploit code to the \"Content\" field of that object.\n\n### Patches\nThe vulnerability has been patched in the blog application version 9.14 by executing the content of blog posts with the rights of the appropriate author.\n\n### Workarounds\nWe\u0027re not aware of any workarounds.\n\n### Resources\n* https://jira.xwiki.org/browse/BLOG-191\n* https://github.com/xwiki-contrib/application-blog/commit/b98ab6f17da3029576f42d12b4442cd555c7e0b4",
"id": "GHSA-gwj6-xpfg-pxwr",
"modified": "2025-09-10T21:05:21Z",
"published": "2025-09-08T20:59:47Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/xwiki-contrib/application-blog/security/advisories/GHSA-gwj6-xpfg-pxwr"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58365"
},
{
"type": "WEB",
"url": "https://github.com/xwiki-contrib/application-blog/commit/b98ab6f17da3029576f42d12b4442cd555c7e0b4"
},
{
"type": "PACKAGE",
"url": "https://github.com/xwiki-contrib/application-blog"
},
{
"type": "WEB",
"url": "https://jira.xwiki.org/browse/BLOG-191"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "XWiki Blog Application: Privilege Escalation (PR) from account through blog content"
}
GHSA-GX86-5682-2G7G
Vulnerability from github – Published: 2025-02-06 06:31 – Updated: 2025-02-06 06:31IBM Security Verify Access Appliance 10.0.0 through 10.0.3 could allow a locally authenticated user to increase their privileges due to execution with unnecessary privileges.
{
"affected": [],
"aliases": [
"CVE-2024-49814"
],
"database_specific": {
"cwe_ids": [
"CWE-250"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-06T01:15:08Z",
"severity": "HIGH"
},
"details": "IBM Security Verify Access Appliance 10.0.0 through 10.0.3 could allow a locally authenticated user to increase their privileges due to execution with unnecessary privileges.",
"id": "GHSA-gx86-5682-2g7g",
"modified": "2025-02-06T06:31:26Z",
"published": "2025-02-06T06:31:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49814"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7182558"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-H23X-F4P5-92C3
Vulnerability from github – Published: 2023-01-26 21:30 – Updated: 2023-02-02 18:30man-db before 2.8.5 on Gentoo allows local users (with access to the man user account) to gain root privileges because /usr/bin/mandb is executed by root but not owned by root. (Also, the owner can strip the setuid and setgid bits.)
{
"affected": [],
"aliases": [
"CVE-2018-25078"
],
"database_specific": {
"cwe_ids": [
"CWE-250"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-01-26T21:15:00Z",
"severity": "HIGH"
},
"details": "man-db before 2.8.5 on Gentoo allows local users (with access to the man user account) to gain root privileges because /usr/bin/mandb is executed by root but not owned by root. (Also, the owner can strip the setuid and setgid bits.)",
"id": "GHSA-h23x-f4p5-92c3",
"modified": "2023-02-02T18:30:48Z",
"published": "2023-01-26T21:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-25078"
},
{
"type": "WEB",
"url": "https://bugs.gentoo.org/662438"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202310-08"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-H2MH-W6G5-655P
Vulnerability from github – Published: 2026-03-04 15:30 – Updated: 2026-03-04 15:30Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an execution with unnecessary privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
{
"affected": [],
"aliases": [
"CVE-2026-21424"
],
"database_specific": {
"cwe_ids": [
"CWE-250"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-04T13:15:57Z",
"severity": "MODERATE"
},
"details": "Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an execution with unnecessary privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.",
"id": "GHSA-h2mh-w6g5-655p",
"modified": "2026-03-04T15:30:34Z",
"published": "2026-03-04T15:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21424"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-sg/000432452/dsa-2026-038-security-update-for-dell-powerscale-onefs-multiple-vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-H36M-WPRV-97PG
Vulnerability from github – Published: 2025-08-13 15:30 – Updated: 2025-08-13 15:30A vulnerability was found in H3C M2 NAS V100R006. Affected by this vulnerability is an unknown functionality of the component Webserver Configuration. The manipulation leads to execution with unnecessary privileges. An attack has to be approached locally. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor explains: "[T]he device only has configuration files and does not actually have boa functionality. It is impossible to access or upload files anonymously to the device through boa services". This vulnerability only affects products that are no longer supported by the maintainer.
{
"affected": [],
"aliases": [
"CVE-2025-8907"
],
"database_specific": {
"cwe_ids": [
"CWE-250"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-13T13:15:34Z",
"severity": "HIGH"
},
"details": "A vulnerability was found in H3C M2 NAS V100R006. Affected by this vulnerability is an unknown functionality of the component Webserver Configuration. The manipulation leads to execution with unnecessary privileges. An attack has to be approached locally. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor explains: \"[T]he device only has configuration files and does not actually have boa functionality. It is impossible to access or upload files anonymously to the device through boa services\". This vulnerability only affects products that are no longer supported by the maintainer.",
"id": "GHSA-h36m-wprv-97pg",
"modified": "2025-08-13T15:30:34Z",
"published": "2025-08-13T15:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8907"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.319861"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.319861"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.624554"
},
{
"type": "WEB",
"url": "https://www.notion.so/23f54a1113e7804bae88e76f9fb0cf5b"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-H5QW-42JQ-7CMH
Vulnerability from github – Published: 2025-12-17 15:34 – Updated: 2025-12-17 15:34A vulnerability exists in multiple Radiometer products that allow an attacker with physical access to the analyzer possibility to extract credential information. The vulnerability is due to a weakness in the design and insufficient credential protection in operating system.
Other related CVE's are CVE-2025-14095 & CVE-2025-14097.
Affected customers have been informed about this vulnerability. This CVE is being published to provide transparency.
Required Configuration for Exposure:
Attacker requires physical access to the analyzer.
Temporary work Around: Only authorized people can physically access the analyzer.
Permanent solution: Local Radiometer representatives will contact all affected customers to discuss a permanent solution.
Exploit Status:
Researchers have provided a working proof-of-concept (PoC). Radiometer is not aware of any public exploit code at the time of this publication.
{
"affected": [],
"aliases": [
"CVE-2025-14096"
],
"database_specific": {
"cwe_ids": [
"CWE-250"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-17T13:15:57Z",
"severity": "HIGH"
},
"details": "A vulnerability exists in multiple Radiometer products that allow an attacker with physical access to the analyzer possibility to extract credential information. The vulnerability is due to a weakness in the design and insufficient credential protection in operating system.\n\nOther related CVE\u0027s are CVE-2025-14095 \u0026 CVE-2025-14097.\n\n\n\nAffected customers have been informed about this vulnerability. This CVE is being published to provide transparency.\n\n\n\n\n\nRequired Configuration for Exposure:\n\n\nAttacker requires physical access to the analyzer.\n\n\n\nTemporary work Around:\nOnly authorized people can physically access the analyzer.\n\nPermanent solution:\nLocal Radiometer representatives will contact all affected customers to discuss a permanent solution.\n\nExploit Status:\n\n\nResearchers have provided a working proof-of-concept (PoC). Radiometer is not aware of any public exploit code at the time of this publication.",
"id": "GHSA-h5qw-42jq-7cmh",
"modified": "2025-12-17T15:34:53Z",
"published": "2025-12-17T15:34:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14096"
},
{
"type": "WEB",
"url": "https://www.radiometer.com/myradiometer"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-H5RG-JPQM-G43G
Vulnerability from github – Published: 2024-09-10 12:30 – Updated: 2024-09-10 12:30A vulnerability has been identified in SIMATIC BATCH V9.1 (All versions), SIMATIC Information Server 2020 (All versions), SIMATIC Information Server 2022 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC Process Historian 2020 (All versions), SIMATIC Process Historian 2022 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions), SIMATIC WinCC Runtime Professional V19 (All versions), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 18), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5). The affected products run their DB server with elevated privileges which could allow an authenticated attacker to execute arbitrary OS commands with administrative privileges.
{
"affected": [],
"aliases": [
"CVE-2024-35783"
],
"database_specific": {
"cwe_ids": [
"CWE-250"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-10T10:15:09Z",
"severity": "CRITICAL"
},
"details": "A vulnerability has been identified in SIMATIC BATCH V9.1 (All versions), SIMATIC Information Server 2020 (All versions), SIMATIC Information Server 2022 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC Process Historian 2020 (All versions), SIMATIC Process Historian 2022 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions), SIMATIC WinCC Runtime Professional V19 (All versions), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions \u003c V7.5 SP2 Update 18), SIMATIC WinCC V8.0 (All versions \u003c V8.0 Update 5). The affected products run their DB server with elevated privileges which could allow an authenticated attacker to execute arbitrary OS commands with administrative privileges.",
"id": "GHSA-h5rg-jpqm-g43g",
"modified": "2024-09-10T12:30:37Z",
"published": "2024-09-10T12:30:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35783"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-629254.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
Mitigation MIT-17
Strategy: Environment Hardening
Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.
Mitigation MIT-18
Strategy: Separation of Privilege
Identify the functionality that requires additional privileges, such as access to privileged operating system resources. Wrap and centralize this functionality if possible, and isolate the privileged code as much as possible from other code [REF-76]. Raise privileges as late as possible, and drop them as soon as possible to avoid CWE-271. Avoid weaknesses such as CWE-288 and CWE-420 by protecting all possible communication channels that could interact with the privileged code, such as a secondary socket that is only intended to be accessed by administrators.
Mitigation MIT-18
Strategy: Attack Surface Reduction
Identify the functionality that requires additional privileges, such as access to privileged operating system resources. Wrap and centralize this functionality if possible, and isolate the privileged code as much as possible from other code [REF-76]. Raise privileges as late as possible, and drop them as soon as possible to avoid CWE-271. Avoid weaknesses such as CWE-288 and CWE-420 by protecting all possible communication channels that could interact with the privileged code, such as a secondary socket that is only intended to be accessed by administrators.
Mitigation
Perform extensive input validation for any privileged code that must be exposed to the user and reject anything that does not fit your strict requirements.
Mitigation MIT-19
When dropping privileges, ensure that they have been dropped successfully to avoid CWE-273. As protection mechanisms in the environment get stronger, privilege-dropping calls may fail even if it seems like they would always succeed.
Mitigation
If circumstances force you to run with extra privileges, then determine the minimum access level necessary. First identify the different permissions that the software and its users will need to perform their actions, such as file read and write permissions, network socket permissions, and so forth. Then explicitly allow those actions while denying all else [REF-76]. Perform extensive input validation and canonicalization to minimize the chances of introducing a separate vulnerability. This mitigation is much more prone to error than dropping the privileges in the first place.
Mitigation MIT-37
Strategy: Environment Hardening
Ensure that the software runs properly under the United States Government Configuration Baseline (USGCB) [REF-199] or an equivalent hardening configuration guide, which many organizations use to limit the attack surface and potential risk of deployed software.
CAPEC-104: Cross Zone Scripting
An attacker is able to cause a victim to load content into their web-browser that bypasses security zone controls and gain access to increased privileges to execute scripting code or other web objects such as unsigned ActiveX controls or applets. This is a privilege elevation attack targeted at zone-based web-browser security.
CAPEC-470: Expanding Control over the Operating System from the Database
An attacker is able to leverage access gained to the database to read / write data to the file system, compromise the operating system, create a tunnel for accessing the host machine, and use this access to potentially attack other machines on the same network as the database machine. Traditionally SQL injections attacks are viewed as a way to gain unauthorized read access to the data stored in the database, modify the data in the database, delete the data, etc. However, almost every data base management system (DBMS) system includes facilities that if compromised allow an attacker complete access to the file system, operating system, and full access to the host running the database. The attacker can then use this privileged access to launch subsequent attacks. These facilities include dropping into a command shell, creating user defined functions that can call system level libraries present on the host machine, stored procedures, etc.
CAPEC-69: Target Programs with Elevated Privileges
This attack targets programs running with elevated privileges. The adversary tries to leverage a vulnerability in the running program and get arbitrary code to execute with elevated privileges.