PT-2007-4823 · Mysql Server · Mysqldumper

Published

2007-07-05

Updated

2018-10-30

CVE-2007-3567

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions MySQLDumper versions 1.21b through 1.23 REV227

Description The issue allows remote attackers to bypass authentication requirements via HTTP POST requests due to the use of a "Limit GET" statement in the .htaccess authentication mechanism.

Recommendations For versions 1.21b through 1.23 REV227, consider modifying the .htaccess file to properly restrict access to both GET and POST requests as a temporary workaround. Restrict access to the authentication mechanism to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-3567

Affected Products

Mysqldumper

PT-2007-4823 · Mysql Server · Mysqldumper

CVE-2007-3567

Related Identifiers

Affected Products

References · 8