QwikSec

Security Database

CVE

CWE

Training

CVE-2012-4253

Published: Aug 13, 2012

Modified: Aug 6, 2024

PUBLISHED

Description

Multiple directory traversal vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) language parameter to learn/cubemail/install.php or (2) f parameter learn/cubemail/filemanagement.php, or execute arbitrary local files via a .. (dot dot) in the (3) config parameter to learn/cubemail/menu.php.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

mysqldumper-filemanagement-dir-traversal(75286)

vdb-entry

x_refsource_XF

http://packetstormsecurity.org/files/112304/MySQLDumper-1.24.4-LFI-XSS-CSRF-Code-Execution-Traversal.html

x_refsource_MISC

vdb-entry

x_refsource_BID

vdb-entry

x_refsource_OSVDB

mysqldumper-install-file-include(75283)

vdb-entry

x_refsource_XF

vdb-entry

x_refsource_OSVDB

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.