Description

Directory traversal vulnerability in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to bypass intended table grants to read field definitions of arbitrary tables, and on 5.1 to read or delete content of arbitrary tables, via a .. (dot dot) in a table name.

Remediation

References

CVE-2010-1848

Related Vulnerabilities

TYPO3 Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2014-3942)

Ampache Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-15153)

WordPress Plugin Permalink Manager Lite Unspecified Vulnerability (2.2.13.1)

WordPress Plugin Loginizer Cross-Site Scripting (1.3.9)

Moodle Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2008-5153)

Severity

Medium

Classification

CVE-2010-1848 CWE-22

Tags

Missing Update Known Vulnerabilities