CVE-2010-1848
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
8.7 High
AI Score
Confidence
High
0.004 Low
EPSS
Percentile
74.9%
Directory traversal vulnerability in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to bypass intended table grants to read field definitions of arbitrary tables, and on 5.1 to read or delete content of arbitrary tables, via a β¦ (dot dot) in a table name.
Affected configurations
References
bugs.mysql.com/bug.php?id=53371
dev.mysql.com/doc/refman/5.0/en/news-5-0-91.html
dev.mysql.com/doc/refman/5.1/en/news-5-1-47.html
lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
lists.mysql.com/commits/107532
lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html
securitytracker.com/id?1024031
support.apple.com/kb/HT4435
www.mandriva.com/security/advisories?name=MDVSA-2010:107
www.redhat.com/support/errata/RHSA-2010-0442.html
www.redhat.com/support/errata/RHSA-2010-0824.html
www.ubuntu.com/usn/USN-1397-1
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10258
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7210
Related
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
8.7 High
AI Score
Confidence
High
0.004 Low
EPSS
Percentile
74.9%