Published: 13/08/2012 Updated: 29/08/2017

CVSS v2 Base Score: 5.1 | Impact Score: 6.4 | Exploitability Score: 4.9

VMScore: 515

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Multiple cross-site request forgery (CSRF) vulnerabilities in MySQLDumper 1.24.4 allow remote malicious users to hijack the authentication of administrators for requests that (1) remove file access restriction via a deletehtaccess action, (2) drop a database via a kill value in a db action, (3) uninstall the application via a 101 value in the phase parameter to learn/cubemail/install.php, (4) delete config.php via a 2 value in the phase parameter to learn/cubemail/install.php, (5) change a password via a schutz action, or (6) execute arbitrary SQL commands via the sql_statement parameter to learn/cubemail/sql.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mysqldumper mysqldumper 1.24.4

source: wwwsecurityfocuscom/bid/53306/info MySQLDumper is prone to multiple security vulnerabilities, including: 1 Multiple cross-site scripting vulnerabilities 2 A local file-include vulnerability 3 Multiple cross-site request-forgery vulnerabilities 4 Multiple information-disclosure vulnerabilities 5 A directory-tr ...

CWE-352 http://packetstormsecurity.org/files/112304/MySQLDumper-1.24.4-LFI-XSS-CSRF-Code-Execution-Traversal.html http://www.securityfocus.com/bid/53306 http://www.osvdb.org/81613 https://exchange.xforce.ibmcloud.com/vulnerabilities/75285 https://nvd.nist.gov https://www.exploit-db.com/exploits/37131/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2012-4252

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect