[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247621

 
 

909

 
 

194512

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2010-1848Date: (C)2010-06-07   (M)2024-02-22


Directory traversal vulnerability in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to bypass intended table grants to read field definitions of arbitrary tables, and on 5.1 to read or delete content of arbitrary tables, via a .. (dot dot) in a table name.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.5
Exploit Score: 8.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1024031
APPLE-SA-2010-11-10-1
MDVSA-2010:107
RHSA-2010:0442
RHSA-2010:0824
SUSE-SR:2010:019
SUSE-SR:2010:021
USN-1397-1
http://bugs.mysql.com/bug.php?id=53371
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-91.html
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-47.html
http://lists.mysql.com/commits/107532
http://support.apple.com/kb/HT4435
oval:org.mitre.oval:def:10258
oval:org.mitre.oval:def:7210

CPE    21
cpe:/a:mysql:mysql:5.0.10
cpe:/a:mysql:mysql:5.0.16
cpe:/a:mysql:mysql:5.0.17
cpe:/a:mysql:mysql:5.0.15
...
CWE    1
CWE-22
OVAL    19
oval:org.secpod.oval:def:100923
oval:org.secpod.oval:def:201861
oval:org.mitre.oval:def:7210
oval:org.mitre.oval:def:11765
...

© SecPod Technologies