Description
Directory traversal vulnerability in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to bypass intended table grants to read field definitions of arbitrary tables, and on 5.1 to read or delete content of arbitrary tables, via a .. (dot dot) in a table name.
Remediation
References
Related Vulnerabilities
TYPO3 Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2014-3942)
WordPress Plugin Permalink Manager Lite Unspecified Vulnerability (2.2.13.1)
WordPress Plugin Loginizer Cross-Site Scripting (1.3.9)
Moodle Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2008-5153)