Arbitrary Command Execution via Crafted Filename in Percona XtraBackup

Arbitrary Command Execution via Crafted Filename in Percona XtraBackup

CVE-2022-25834 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

In Percona XtraBackup (PXB) through 2.2.24 and 3.x through 8.0.27-19, a crafted filename on the local file system could trigger unexpected command shell execution of arbitrary commands.

Learn more about our Web Application Penetration Testing UK.