Davi Arnaut

**Name of the Vulnerable Software and Affected Versions** MySQL versions 5.0 through 5.0.91 MySQL versions 5.1 before 5.1.47 **Description** A directory traversal issue allows remote authenticated users to bypass intended table grants, enabling them to read field definitions of arbitrary tables. In MySQL 5.1, this issue also allows users to read or delete the content of arbitrary tables by using a .. (dot dot) in a table name. **Recommendations** For MySQL versions 5.0 through 5.0.91, update to a version later than 5.0.91 to resolve the issue. For MySQL versions 5.1 before 5.1.47, update to version 5.1.47 or later to resolve the issue.