Description
Directory traversal vulnerability in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to bypass intended table grants to read field definitions of arbitrary tables, and on 5.1 to read or delete content of arbitrary tables, via a .. (dot dot) in a table name.
CVSS Metrics
- Vector
- AV:N/AC:L/Au:S/C:P/I:P/A:P
- Access Vector
- network
- Access Cmplx
- low
- Auth
- single
- Confidentiality
- partial
- Integrity
- partial
- Availability
- partial
- Weaknesses
- CWE-22
Metadata
- Primary Vendor
- MYSQL
- Published
- 6/8/2010
- Last Modified
- 4/11/2025
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
mysql : mysqlmysql : mysqlmysql : mysqlmysql : mysqlmysql : mysqlmysql : mysqlmysql : mysqlmysql : mysqlmysql : mysqlmysql : mysqlmysql : mysqlmysql : mysqlmysql : mysqlmysql : mysqlmysql : mysqlmysql : mysqlmysql : mysqloracle : mysqloracle : mysqloracle : mysqloracle : mysqloracle : mysqloracle : mysqloracle : mysqloracle : mysqloracle : mysqloracle : mysqloracle : mysqloracle : mysqloracle : mysqloracle : mysqloracle : mysqloracle : mysqloracle : mysqloracle : mysqloracle : mysqloracle : mysqloracle : mysqloracle : mysqloracle : mysqloracle : mysqloracle : mysqloracle : mysqloracle : mysqloracle : mysqloracle : mysqloracle : mysqloracle : mysqloracle : mysqlmysql : mysqlmysql : mysqlmysql : mysqlmysql : mysqlmysql : mysqlmysql : mysqloracle : mysqloracle : mysqloracle : mysqloracle : mysqloracle : mysqloracle : mysqloracle : mysqloracle : mysqloracle : mysqloracle : mysqloracle : mysqloracle : mysqloracle : mysqloracle : mysqloracle : mysqloracle : mysqloracle : mysqloracle : mysqloracle : mysqloracle : mysqloracle : mysqloracle : mysqloracle : mysqloracle : mysqloracle : mysqloracle : mysqloracle : mysqloracle : mysqloracle : mysqloracle : mysql
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.