To operate the vulnerability attacker requires privileges to edit the configuration file (root permissions).
New MySQL Zero-Day Allows An Attacker To Take Full Control Of Database
Polish security researcher Dawid Golunski reported that he discovered two critical zero-day vulnerabilities in the world's second most popular database management software known as MySQL that could allow an attacker to take full control over the database.
