Two critical zero-day vulnerabilities in the world’s 2nd most popular database management software. Polish security researcherof Legal Hackers who discovered these vulnerabilities published technical details and proof-of-concept exploit code for the first bug (CVE-2016-6663) on Tuesday. One is the previously promised critical privilege escalation vulnerability. Another is a new root privilege escalation bug that could allow an attacker to take full control over the database. By exploiting the flaws, they could gain access to all databases within the affected database server.
Source: https://thehackernews.com/2016/11/mysql-zero-day-exploits.html