Vulnerabilities > Mysqldumper > Mysqldumper > 1.24.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2012-08-13 | CVE-2012-4255 | Information Exposure vulnerability in Mysqldumper 1.24.4 MySQLDumper 1.24.4 allows remote attackers to obtain sensitive information via a direct request to learn/cubemail/refresh_dblist.php, which reveals the installation path in an error message. | 4.3 |
| 2012-08-13 | CVE-2012-4254 | Information Exposure vulnerability in Mysqldumper 1.24.4 MySQLDumper 1.24.4 allows remote attackers to obtain sensitive information (Notices) via a direct request to (1) learn/cubemail/restore.php or (2) learn/cubemail/dump.php. | 4.3 |
| 2012-08-13 | CVE-2012-4253 | Path Traversal vulnerability in Mysqldumper 1.24.4 Multiple directory traversal vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to read arbitrary files via a .. | 4.3 |
| 2012-08-13 | CVE-2012-4252 | Cross-Site Request Forgery (CSRF) vulnerability in Mysqldumper 1.24.4 Multiple cross-site request forgery (CSRF) vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to hijack the authentication of administrators for requests that (1) remove file access restriction via a deletehtaccess action, (2) drop a database via a kill value in a db action, (3) uninstall the application via a 101 value in the phase parameter to learn/cubemail/install.php, (4) delete config.php via a 2 value in the phase parameter to learn/cubemail/install.php, (5) change a password via a schutz action, or (6) execute arbitrary SQL commands via the sql_statement parameter to learn/cubemail/sql.php. | 5.1 |
| 2012-08-13 | CVE-2012-4251 | Cross-Site Scripting vulnerability in Mysqldumper 1.24.4 Multiple cross-site scripting (XSS) vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter to index.php, (2) phase parameter to install.php, (3) tablename or (4) dbid parameter to sql.php, or (5) filename parameter to restore.php in learn/cubemail/. | 4.3 |