3.5 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:N/I:N/A:P
0.018 Low
EPSS
Percentile
88.2%
MySQL before 5.1.48 allows remote authenticated users with alter database
privileges to cause a denial of service (server crash and database loss)
via an ALTER DATABASE command with a #mysql50# string followed by a .
(dot), … (dot dot), …/ (dot dot slash) or similar sequence, and an
UPGRADE DATA DIRECTORY NAME command, which causes MySQL to move certain
directories to the server data directory.
Author | Note |
---|---|
jdstrand | PoC in upstream report (remeber to add UPGRADE DATA DIRECTORY NAME) |