PT-2010-3474 · Oracle+1 · Mysql Server+1

Davi Arnaut

Publicado

2010-05-26

Atualizado

2019-12-17

CVE-2010-1848

CVSS v2.0

6.5

Média

Vetor

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions MySQL versions 5.0 through 5.0.91 MySQL versions 5.1 before 5.1.47

Description A directory traversal issue allows remote authenticated users to bypass intended table grants, enabling them to read field definitions of arbitrary tables. In MySQL 5.1, this issue also allows users to read or delete the content of arbitrary tables by using a .. (dot dot) in a table name.

Recommendations For MySQL versions 5.0 through 5.0.91, update to a version later than 5.0.91 to resolve the issue. For MySQL versions 5.1 before 5.1.47, update to version 5.1.47 or later to resolve the issue.

Correção

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-22

Identificadores relacionados

CVE-2010-1848

DSA-2057-1

RHSA-2010:0442

RHSA-2010:0824

RHSA-2010_0442

RHSA-2010_0824

Produtos afetados

Mysql Server

Red Hat

PT-2010-3474 · Oracle+1 · Mysql Server+1

CVE-2010-1848

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 26