If the database user has sufficient privileges (e.g., FILE privilege), further system-level access is possible.
If NULL, file read/write is disabled. If a path is listed, operations are restricted to that folder. mysql hacktricks verified