Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

MySQL Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2010-1848)

Description

Directory traversal vulnerability in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to bypass intended table grants to read field definitions of arbitrary tables, and on 5.1 to read or delete content of arbitrary tables, via a .. (dot dot) in a table name.

Remediation

References

Related Vulnerabilities

Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-2937)

osTicket Other Vulnerability (CVE-2005-1438)

WordPress Plugin rtMedia for WordPress, BuddyPress and bbPress Multiple Unspecified Vulnerabilities (4.2)

WordPress Plugin Youzify-BuddyPress Community, User Profile, Social Network & Membership for WordPress Cross-Site Scripting (1.0.6)

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-3326)

Severity

Medium

Classification

CVE-2010-1848 CWE-22

Tags

Missing Update Known Vulnerabilities