CVE-2010-1848Path Traversal in Mysql

CWE-22Path Traversal6 documents5 sources
Severity
6.5MEDIUMNVD
EPSS
0.1%
top 82.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
MysqlOracle Mysql
Timeline
PublishedJun 8
Latest updateMay 13

Description

Directory traversal vulnerability in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to bypass intended table grants to read field definitions of arbitrary tables, and on 5.1 to read or delete content of arbitrary tables, via a .. (dot dot) in a table name.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages2 packages

NVDmysql/mysql23 versions+22
NVDoracle/mysql62 versions+61

🔴Vulnerability Details

1
GHSA
GHSA-phjc-c95f-c2c3: Directory traversal vulnerability in MySQL 52022-05-13

📋Vendor Advisories

3
Ubuntu
MySQL vulnerabilities2012-03-12
Ubuntu
MySQL vulnerabilities2010-06-09
Red Hat
mysql: multiple insufficient table name checks2010-05-13

💬Community

1
Bugzilla
CVE-2010-1848 mysql: multiple insufficient table name checks2010-05-13
CVE-2010-1848 — Path Traversal in Mysql | cvebase