← voltar
CVE-2010-1848

CVE-2010-1848

EPSS 3.1%
Directory traversal vulnerability in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to bypass intended table grants to read field definitions of arbitrary tables, and on 5.1 to read or delete content of arbitrary tables, via a .. (dot dot) in a table name.
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://bugs.mysql.com/bug.php?id=53371http://dev.mysql.com/doc/refman/5.0/en/news-5-0-91.htmlhttp://dev.mysql.com/doc/refman/5.1/en/news-5-1-47.htmlhttp://lists.apple.com/archives/security-announce/2010//Nov/msg00000.htmlhttp://lists.mysql.com/commits/107532http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.htmlhttp://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.htmlhttp://securitytracker.com/id?1024031https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10258https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7210http://support.apple.com/kb/HT4435http://www.mandriva.com/security/advisories?name=MDVSA-2010:107