CVE-2010-2008 in MySQLinformazioni

Riassunto

di MITRE

MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes MySQL to move certain directories to the server data directory.

Be aware that VulDB is the high quality source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Prenotare

21/05/2010

Divulgazione

13/07/2010

Moderazione

accettato

Voce

VDB-54026

CPE

pronto

CWE

CWE-20 (confermato)

Sfruttamento

Scaricare

CVSS

3.5 (NVD)

EPSS

0.09011

KEV

Attività

molto basso

Settore

Hospital, Energy, ...

Fonti

MITRE	https://www.cve.org/CVERecord?id=CVE-2010-2008
NVD	https://nvd.nist.gov/vuln/detail/CVE-2010-2008
CVE Details	https://www.cvedetails.com/cve/CVE-2010-2008/

◂ Precedente Visione D'ensemble Il prossimo ▸

Interested in the pricing of exploits?

See the underground prices here!