CVE-2012-4254

Опубликовано: 13 авг. 2012

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

MySQLDumper 1.24.4 allows remote attackers to obtain sensitive information (Notices) via a direct request to (1) learn/cubemail/restore.php or (2) learn/cubemail/dump.php.

Ссылки

http://packetstormsecurity.org/files/112304/MySQLDumper-1.24.4-LFI-XSS-CSRF-Code-Execution-Traversal.html
Exploit
http://www.osvdb.org/81616
http://www.securityfocus.com/bid/53306
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/75287
http://packetstormsecurity.org/files/112304/MySQLDumper-1.24.4-LFI-XSS-CSRF-Code-Execution-Traversal.html
Exploit
http://www.osvdb.org/81616
http://www.securityfocus.com/bid/53306
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/75287

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mysqldumper:mysqldumper:1.24.4:*:*:*:*:*:*:*

EPSS

Процентиль: 91%

0.06598

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-jfvq-65q8-hq2v

github

больше 3 лет назад