[Forgot Password]
Login  Register Subscribe

24003

 
 

131573

 
 

108530

 
 

909

 
 

85343

 
 

134

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2010-1848Date: (C)2010-06-07   (M)2018-06-11


Directory traversal vulnerability in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to bypass intended table grants to read field definitions of arbitrary tables, and on 5.1 to read or delete content of arbitrary tables, via a .. (dot dot) in a table name.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : CVSS Score : 6.5
Exploit Score: Exploit Score: 8.0
Impact Score: Impact Score: 6.4
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: Access Vector: NETWORK
Attack Complexity: Access Complexity: LOW
Privileges Required: Authentication: SINGLE_INSTANCE
User Interaction: Confidentiality: PARTIAL
Scope: Integrity: PARTIAL
Confidentiality: Availability: PARTIAL
Integrity:  
Availability:  
  
Reference:
SECTRACK-1024031
APPLE-SA-2010-11-10-1
MDVSA-2010:107
RHSA-2010:0442
RHSA-2010:0824
SUSE-SR:2010:019
SUSE-SR:2010:021
USN-1397-1
http://bugs.mysql.com/bug.php?id=53371
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-91.html
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-47.html
http://lists.mysql.com/commits/107532
http://support.apple.com/kb/HT4435

CPE    93
cpe:/a:mysql:mysql:5.0.90
cpe:/a:mysql:mysql:5.0.91
cpe:/a:mysql:mysql:5.0.89
cpe:/a:mysql:mysql:5.0.88
...
CWE    1
CWE-22
OVAL    19
oval:org.mitre.oval:def:11765
oval:org.secpod.oval:def:700122
oval:org.secpod.oval:def:600008
oval:org.mitre.oval:def:7210
...

© SecPod Technologies