QwikSec

Security Database

CVE

CWE

Training

CVE-2005-2573

Published: Aug 16, 2005

Modified: Aug 7, 2024

PUBLISHED

Description

The mysql_create_function function in sql_udf.cc for MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta, when running on Windows, uses an incomplete blacklist in a directory traversal check, which allows attackers to include arbitrary files via the backslash (\) character.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

mysql-udf-directory-traversal(21738)

vdb-entry

x_refsource_XF

20050808 [AppSecInc Advisory MYSQL05-V0001] Improper Filtering of Directory Traversal Characters in MySQL User Defined Functions

mailing-list

x_refsource_BUGTRAQ

http://www.appsecinc.com/resources/alerts/mysql/2005-001.html

x_refsource_MISC

http://mysql.bkbits.net:8080/mysql-4.0/cset%40428b981bg2iwh3CbGANDaF-W6DbttA

x_refsource_CONFIRM

20050808 [AppSecInc Advisory MYSQL05-V0001] Improper Filtering of Directory Traversal Characters in MySQL User Defined Functions

mailing-list

x_refsource_FULLDISC

http://mysql.bkbits.net:8080/mysql-4.0/gnupatch%40428b981bg2iwh3CbGANDaF-W6DbttA

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.