English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.902675
Category:Web application abuses
Title:MySQLDumper Multiple Vulnerabilities
Summary:MySQLDumper is prone to multiple vulnerabilities.
Description:Summary:
MySQLDumper is prone to multiple vulnerabilities.

Vulnerability Insight:
The flaws are due to

- Input passed via the 'language' parameter to signin.php and 'action'
parameter to filemanagement.php script is not properly verified before
being used, which allows attackers to read arbitrary files via a
../(dot dot) sequences.

- Improper validation of user-supplied input passed via the 'phase' parameter
to install.php, 'page' parameter to index.php, 'bid' parameter to sql.php
and 'filename' parameter to restore.php, which allows attackers to execute
arbitrary HTML and script code.

Vulnerability Impact:
Successful exploitation will allow remote attackers to execute
arbitrary script code in the context of the affected site, steal cookie based
authentication credentials, gain sensitive information or upload arbitrary
code.

Affected Software/OS:
MySQLDumper version 1.24.4

Solution:
No known solution was made available for at least one year since the disclosure of this vulnerability.
Likely none will be provided anymore.
General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.

CVSS Score:
5.1

CVSS Vector:
AV:N/AC:H/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2012-4251
BugTraq ID: 53306
http://www.securityfocus.com/bid/53306
http://packetstormsecurity.org/files/112304/MySQLDumper-1.24.4-LFI-XSS-CSRF-Code-Execution-Traversal.html
http://www.osvdb.org/81610
http://www.osvdb.org/81611
http://www.osvdb.org/81612
XForce ISS Database: mysqldumper-install-xss(75284)
https://exchange.xforce.ibmcloud.com/vulnerabilities/75284
Common Vulnerability Exposure (CVE) ID: CVE-2012-4252
http://www.osvdb.org/81613
XForce ISS Database: mysqldumper-main-csrf(75285)
https://exchange.xforce.ibmcloud.com/vulnerabilities/75285
Common Vulnerability Exposure (CVE) ID: CVE-2012-4253
http://www.osvdb.org/81609
http://www.osvdb.org/81615
XForce ISS Database: mysqldumper-filemanagement-dir-traversal(75286)
https://exchange.xforce.ibmcloud.com/vulnerabilities/75286
XForce ISS Database: mysqldumper-install-file-include(75283)
https://exchange.xforce.ibmcloud.com/vulnerabilities/75283
Common Vulnerability Exposure (CVE) ID: CVE-2012-4254
http://www.osvdb.org/81616
XForce ISS Database: mysqldumper-restore-info-disclosure(75287)
https://exchange.xforce.ibmcloud.com/vulnerabilities/75287
Common Vulnerability Exposure (CVE) ID: CVE-2012-4255
CopyrightCopyright (C) 2012 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.