PT-2010-3474 · Oracle+1 · Mysql Server+1

Davi Arnaut · Published 2010-05-26 · Updated 2019-12-17 · CVE-2010-1848

CVSS v2.0: 6.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

MySQL versions 5.0 through 5.0.91
MySQL versions 5.1 before 5.1.47

Description

A directory traversal issue allows remote authenticated users to bypass intended table grants, enabling them to read field definitions of arbitrary tables. In MySQL 5.1, this issue also allows users to read or delete the content of arbitrary tables by using a .. (dot dot) in a table name.

Recommendations

For MySQL versions 5.0 through 5.0.91, update to a version later than 5.0.91 to resolve the issue.
For MySQL versions 5.1 before 5.1.47, update to version 5.1.47 or later to resolve the issue.

Fix

Path traversal


Weakness Enumeration

Related Identifiers

CVE-2010-1848
DSA-2057-1
RHSA-2010:0442
RHSA-2010:0824
RHSA-2010_0442
RHSA-2010_0824

Affected Products

Mysql Server
Red Hat