Disable local_infile setting in MySQL
| Property | |
|---|---|
| Language | |
| Severity | |
| Service | sql |
| Provider | |
| Vulnerability Type | misconfiguration |
Description
Enabling the MySQL ’local_infile’ setting allows the database to read local files from the server’s filesystem using the LOAD DATA statement, which can expose sensitive files if not properly controlled.
Impact
If combined with a SQL injection vulnerability, attackers could use this setting to read arbitrary files from the database server, potentially leaking credentials, configuration files, or other sensitive data, leading to significant data breaches.
Resolution
Disable the local_infile setting.
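One way to check the resolution on a self-managed server is to audit the option file. This is an added example, not code from the original page. The function name `local_infile_setting` and both sample files are constructed for illustration, and it assumes a single option file with no `!include` directives.

```python
import re

TRUE = {"1", "on", "true"}
FALSE = {"0", "off", "false"}
SERVER_GROUPS = {"mysqld", "server"}  # option groups that mysqld reads

def local_infile_setting(cnf_text):
    """Return True/False for the last local_infile value in the server groups,
    or None if the file never sets it (the server default then applies)."""
    state, group = None, None
    for raw in cnf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            group = m.group(1).strip().lower()
            continue
        if group not in SERVER_GROUPS:
            continue  # e.g. [client] local-infile is a client-side option
        name, sep, value = line.partition("=")
        # Dashes and underscores are interchangeable in option names.
        name = name.strip().lower().replace("-", "_")
        value = value.split("#", 1)[0].strip().strip("'\"").lower()
        if name.startswith("loose_"):
            name = name[len("loose_"):]
        if name == "local_infile":
            if not sep or value in TRUE:  # a bare option name enables it
                state = True
            elif value in FALSE:
                state = False
        elif name in ("skip_local_infile", "disable_local_infile"):
            state = False
        elif name == "enable_local_infile":
            state = True
    return state

# Constructed sample option files (not taken from any real system).
SAMPLE_WEAK = """[client]
local-infile=0
[mysqld]
datadir=/var/lib/mysql
local-infile = ON  # weak setting
"""
SAMPLE_HARDENED = """[mysqld]
local_infile=1
loose-local-infile=OFF
"""
if __name__ == "__main__":
    print(local_infile_setting(SAMPLE_WEAK), local_infile_setting(SAMPLE_HARDENED))
```

On a running server, `SHOW GLOBAL VARIABLES LIKE 'local_infile';` reports the value actually in effect.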