cpe:/a:mysqldumper:mysqldumper:1.24.4 CVE-2012-4252 2012-08-13T14:55:05.693-04:00 2017-08-28T21:32:14.917-04:00 5.1 NETWORK HIGH NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2012-08-14T10:06:00.000-04:00 BID 53306 OSVDB 81613 MISC http://packetstormsecurity.org/files/112304/MySQLDumper-1.24.4-LFI-XSS-CSRF-Code-Execution-Traversal.html XF mysqldumper-main-csrf(75285) Multiple cross-site request forgery (CSRF) vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to hijack the authentication of administrators for requests that (1) remove file access restriction via a deletehtaccess action, (2) drop a database via a kill value in a db action, (3) uninstall the application via a 101 value in the phase parameter to learn/cubemail/install.php, (4) delete config.php via a 2 value in the phase parameter to learn/cubemail/install.php, (5) change a password via a schutz action, or (6) execute arbitrary SQL commands via the sql_statement parameter to learn/cubemail/sql.php.