[Forgot Password]
Login  Register Subscribe

24128

 
 

131615

 
 

112965

 
 

909

 
 

88036

 
 

136

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2010-1848Date: (C)2010-06-07   (M)2018-06-11


Directory traversal vulnerability in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to bypass intended table grants to read field definitions of arbitrary tables, and on 5.1 to read or delete content of arbitrary tables, via a .. (dot dot) in a table name.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.5
Exploit Score: 8.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE_INSTANCE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1024031
APPLE-SA-2010-11-10-1
MDVSA-2010:107
RHSA-2010:0442
RHSA-2010:0824
SUSE-SR:2010:019
SUSE-SR:2010:021
USN-1397-1
http://bugs.mysql.com/bug.php?id=53371
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-91.html
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-47.html
http://lists.mysql.com/commits/107532
http://support.apple.com/kb/HT4435

CPE    93
cpe:/a:mysql:mysql:5.0.12
cpe:/a:mysql:mysql:5.0.13
cpe:/a:mysql:mysql:5.0.10
cpe:/a:mysql:mysql:5.0.11
...
CWE    1
CWE-22
OVAL    19
oval:org.secpod.oval:def:4729
oval:org.secpod.oval:def:101043
oval:org.secpod.oval:def:100772
oval:org.secpod.oval:def:100176
...

© SecPod Technologies