# strange user plum@% mariadb(mysql)

## denysonique

Today after I have performe a select on the mysql database called 'mysql' I found out that a user called plum exists in the database system. I don't remember having this user before. I don't remember creating such one. Does anyone have any ideas where this user could be from?

----------

## tomk

Check to see what tables it has permissions for, this might give you a better idea what it's for:

```
SHOW GRANTS FOR 'plum'@'%';
```

----------

## denysonique

+----------------------------------+

| Grants for plum@%                |

+----------------------------------+

| GRANT USAGE ON *.* TO 'plum'@'%' |

+----------------------------------+

this is very weird,

I guess this could have been introduced through a vulnerability in some web application running on this machine

though apach runs only on the loopback interface while mariadb listens on all of them

----------

