{"id":"CVE-2023-39593","details":"Insecure permissions in the sys_exec function of MariaDB v10.5 allows authenticated attackers to execute arbitrary commands with elevated privileges. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed.","aliases":["BIT-mariadb-2023-39593","BIT-mariadb-min-2023-39593","BIT-mysql-client-2023-39593"],"modified":"2026-04-12T08:01:11.795887Z","published":"2024-10-17T22:15:02.847Z","references":[{"type":"ARTICLE","url":"https://seclists.org/fulldisclosure/2012/Dec/39"},{"type":"EVIDENCE","url":"https://github.com/Ant1sec-ops/CVE-2023-39593"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mariadb/server","events":[{"introduced":"0"},{"last_affected":"7c7f9bef28aa566557da31402142f6dd8298ddd2"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"last_affected":"10.5.0"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:mariadb:mariadb:10.5.0:*:*:*:*:*:*:*"}}],"versions":["mariadb-10.1.0","mariadb-10.1.2","mariadb-10.1.3","mariadb-10.1.4","mariadb-10.1.5","mariadb-10.1.6","mariadb-10.1.7","mariadb-10.1.8","mariadb-10.2.0","mariadb-10.2.1","mariadb-10.2.2","mariadb-10.3.0","mariadb-10.3.1","mariadb-10.3.2","mariadb-10.3.4","mariadb-10.3.5","mariadb-10.3.6","mariadb-10.4.3","mariadb-10.4.4","mariadb-10.5.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-39593.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L"}]}