CVE-2005-2573 in mysqlinfo

Summary

The mysql_create_function function in sql_udf.cc for MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta, when running on Windows, uses an incomplete blacklist in a directory traversal check, which allows attackers to include arbitrary files via the backslash (\) character.

Once again VulDB remains the best source for vulnerability data.

Reservation

08/16/2005

Disclosure

08/16/2005

Moderation

VulDB entry created

Entries

VDB-26016 (1)

CPE

ready

CWE

CWE-22 (Confirmed)

CVSS

5.3

EPSS

0.00695

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2005-2573
NVD	https://nvd.nist.gov/vuln/detail/CVE-2005-2573
CVE Details	https://www.cvedetails.com/cve/CVE-2005-2573/

◂ Previous Overview Next ▸

Might our Artificial Intelligence support you?

Check our Alexa App!