Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2001-0407Path Traversal in Oracle Mysql

3 documents3 sources
Severity
4.6MEDIUMNVD
EPSS
0.7%
top 27.68%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Oracle Mysql
Timeline
PublishedJun 27
Latest updateApr 30

Description

Directory traversal vulnerability in MySQL before 3.23.36 allows local users to modify arbitrary files and gain privileges by creating a database whose name starts with .. (dot dot).

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages1 packages

NVDoracle/mysql3.23.36

Patches

Patch: archives.neohapsis.comPatch: archives.neohapsis.com

🔴Vulnerability Details

1
GHSA
GHSA-44p8-q8mq-gw9f: Directory traversal vulnerability in MySQL before 32022-04-30

💥Exploits & PoCs

1
Exploit-DB
MySQL 3.20.32 a/3.23.34 - Root Operation Symbolic Link File Overwriting2001-03-18