CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
74.9%
Directory traversal vulnerability in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to bypass intended table grants to read field definitions of arbitrary tables, and on 5.1 to read or delete content of arbitrary tables, via a β¦ (dot dot) in a table name.
bugs.mysql.com/bug.php?id=53371
dev.mysql.com/doc/refman/5.0/en/news-5-0-91.html
dev.mysql.com/doc/refman/5.1/en/news-5-1-47.html
lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
lists.mysql.com/commits/107532
lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html
securitytracker.com/id?1024031
support.apple.com/kb/HT4435
www.mandriva.com/security/advisories?name=MDVSA-2010:107
www.redhat.com/support/errata/RHSA-2010-0442.html
www.redhat.com/support/errata/RHSA-2010-0824.html
www.ubuntu.com/usn/USN-1397-1
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10258
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7210