CVE-2012-4255

2022-10-0316:15:34

mitre

www.cve.org

cve-2012-4255

mysqldumper

sensitive information disclosure

remote attack

installation path

6.1 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

70.8%

JSON

MySQLDumper 1.24.4 allows remote attackers to obtain sensitive information via a direct request to learn/cubemail/refresh_dblist.php, which reveals the installation path in an error message.

References

packetstormsecurity.org/files/112304/MySQLDumper-1.24.4-LFI-XSS-CSRF-Code-Execution-Traversal.html

www.osvdb.org/81616

www.securityfocus.com/bid/53306