Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-2008 — Command Injection in Oracle Mysql

CWE-77 — Command Injection CWE-79 — Cross-site Scripting50 documents10 sources

Severity

3.5LOWNVD

EPSS

3.6%

top 12.21%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Oracle Mysql Canonical Ubuntu Linux Fedoraproject Fedora +15 more

Timeline

PublishedJul 13

Latest updateJun 9

Description

MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes MySQL to move certain directories to the server data directory.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 6.8 | Impact: 2.9

Affected Packages16 packages

▶NVDoracle/mysql< 5.1.48

▶msrcmsrc/windows_server_2008

▶msrcmsrc/windows_server_2012

▶msrcmsrc/windows_server_2016

▶msrcmsrc/windows_server_2008_r2

Also affects: Fedora 13, Ubuntu Linux 10.04, 10.10, 11.04, 11.10, 6.06, 8.04, 9.10

🔴Vulnerability Details

GHSA

GHSA-x8g4-4q7f-5fwx: MySQL before 5↗2022-05-13

▶

💥Exploits & PoCs

Exploit-DB

BulletProof FTP Client 2010 - Local Buffer Overflow (DEP Bypass)↗2015-05-18

▶

Exploit-DB

Alstrasoft e-Friends 4.96 - Multiple Vulnerabilities↗2010-10-27

▶

Exploit-DB

Microsoft Works 7 - 'WkImgSrv.dll' WKsPictureInterface() ActiveX (Metasploit)↗2010-09-25

▶

Exploit-DB

Ultra Shareware Office Control - ActiveX HttpUpload Buffer Overflow (Metasploit)↗2010-09-20

▶

Exploit-DB

VeryPDF PDFView - OCX ActiveX OpenPDF Heap Overflow (Metasploit)↗2010-09-20

▶

📋Vendor Advisories

Chrome

Stable Channel Update for Desktop: CVE-2022-2007↗2022-06-09

▶

Microsoft

Windows Uniscribe Information Disclosure Vulnerability↗2017-06-13

▶

Ubuntu

MySQL vulnerabilities↗2012-03-12

▶

Ubuntu

MySQL vulnerabilities↗2010-11-11

▶

Red Hat

kernel: Xen Dom0 crash with Windows 2008 R2 64bit DomU + GPLPV↗2010-09-20

▶

💬Community

Bugzilla

CVE-2008-7270 openssl: NETSCAPE_REUSE_CIPHER_CHANGE_BUG downgrade-to-disabled ciphersuite attack↗2010-12-07

▶

Bugzilla

CVE-2008-7258 Ssmtp: Buffer overflow by cutting '\n' sequence from lines with leading dot↗2010-07-26

▶

Bugzilla

CVE-2010-2008 mysql: remote authenticated DoS via ALTER DATABASE [fedora-all]↗2010-07-13

▶

Bugzilla

CVE-2010-2008 mysql: remote authenticated DoS via ALTER DATABASE↗2010-07-13

▶

Bugzilla

CVE-2010-2244 avahi: assertion failure after receiving a packet with corrupted checksum↗2010-06-23

▶