CVE-2012-4252

Name of the Vulnerable Software and Affected Versions MySQLDumper version 1.24.4

Description The issue allows remote attackers to hijack the authentication of administrators for various requests, including removing file access restrictions, dropping a database, uninstalling the application, deleting config.php, changing a password, or executing arbitrary SQL commands. This can be achieved through multiple cross-site request forgery (CSRF) vulnerabilities. API Endpoints: "/learn/cubemail/install.php" "/learn/cubemail/sql.php" Vulnerable Parameters or Variables: deletehtaccess action, kill value in a db action, phase parameter, sql statement parameter, schutz action.

Recommendations For MySQLDumper version 1.24.4, update to a version that includes a fix for the CSRF vulnerabilities to prevent authentication hijacking and ensure the security of administrative requests.