CVE-2010-1848

NameCVE-2010-1848
DescriptionDirectory traversal vulnerability in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to bypass intended table grants to read field definitions of arbitrary tables, and on 5.1 to read or delete content of arbitrary tables, via a .. (dot dot) in a table name.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-2057-1
NVD severitymedium (attack range: remote)
Debian Bugs582526

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
mysql-5.1source(unstable)5.1.47-1medium582526
mysql-dfsg-5.0source(unstable)(unfixed)medium
mysql-dfsg-5.0sourcelenny5.0.51a-24+lenny4mediumDSA-2057-1

Search for package or bug name: Reporting problems