Information disclosure

2012-08-1318:55:00

PRIOn knowledge base

www.prio-n.com

6.6 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

70.8%

JSON

MySQLDumper 1.24.4 allows remote attackers to obtain sensitive information via a direct request to learn/cubemail/refresh_dblist.php, which reveals the installation path in an error message.

CPENameOperatorVersion
mysqldumpereq1.24.4

CPE	Name	Operator	Version
	mysqldumper	eq	1.24.4

References

packetstormsecurity.org/files/112304/MySQLDumper-1.24.4-LFI-XSS-CSRF-Code-Execution-Traversal.html

www.osvdb.org/81616

www.securityfocus.com/bid/53306