Description

Directory traversal vulnerability in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to bypass intended table grants to read field definitions of arbitrary tables, and on 5.1 to read or delete content of arbitrary tables, via a .. (dot dot) in a table name.

Remediation

References

CVE-2010-1848

Related Vulnerabilities

WordPress Plugin Marketo Forms and Tracking Cross-Site Request Forgery (1.0.2)

WordPress Plugin SecuPress Free-WordPress Security Security Bypass (1.4.13)

WordPress Plugin Video Metabox Cross-Site Scripting (1.1)

Zope Web Application Server Other Vulnerability (CVE-2001-1278)

Apache Tomcat Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2007-3385)

Severity

Medium

Classification

CVE-2010-1848 CWE-22

Tags

Missing Update Known Vulnerabilities