CVE-2024-47091

Published: Mag 13, 2026 Last Modified: Mag 13, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 5,2

Source: [email protected]

Attack Vector: local

Attack Complexity: low

Privileges Required: low

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

Description

AI Translation Available

Privilege escalation in the mk_mysql agent plugin on Windows in Checkmk <2.4.0p29, <2.3.0p47, and 2.2.0 (EOL) allows a local unprivileged user able to create a Windows service whose name matches 'MySQL' or 'MariaDB' (or with write access to a binary referenced by such a service) to execute arbitrary code in the context of the Checkmk agent service, which typically runs as SYSTEM.

427

Uncontrolled Search Path Element

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Confidentiality Integrity Availability

Potential Impacts:

Execute Unauthorized Code Or Commands

Applicable Platforms

All platforms may be affected

View CWE Details

https://checkmk.com/werk/19198

CVE-2024-47091

Description

Uncontrolled Search Path Element

Common Consequences

Applicable Platforms

Iscriviti alla newsletter