CVE-2010-2008 in MySQLinfo

Summary

MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes MySQL to move certain directories to the server data directory.

Be aware that VulDB is the high quality source for vulnerability data.

Reservation

05/21/2010

Disclosure

07/13/2010

Moderation

VulDB entry created

Entries

1: VDB-54026

CPE

ready

CWE

CWE-20 (Confirmed)

Exploit

Download

CVSS

4.3

EPSS

0.03606

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2010-2008
NVD	https://nvd.nist.gov/vuln/detail/CVE-2010-2008
CVE Details	https://www.cvedetails.com/cve/CVE-2010-2008/

◂ Previous Overview Next ▸

Interested in the pricing of exploits?

See the underground prices here!