ghsa-qg5c-7q7p-mwc6
Vulnerability from github
Published
2022-05-01 02:09
Modified
2022-05-01 02:09
Details
The mysql_create_function function in sql_udf.cc for MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta, when running on Windows, uses an incomplete blacklist in a directory traversal check, which allows attackers to include arbitrary files via the backslash () character.
{ affected: [], aliases: [ "CVE-2005-2573", ], database_specific: { cwe_ids: [], github_reviewed: false, github_reviewed_at: null, nvd_published_at: "2005-08-16T04:00:00Z", severity: "MODERATE", }, details: "The mysql_create_function function in sql_udf.cc for MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta, when running on Windows, uses an incomplete blacklist in a directory traversal check, which allows attackers to include arbitrary files via the backslash (\\) character.", id: "GHSA-qg5c-7q7p-mwc6", modified: "2022-05-01T02:09:36Z", published: "2022-05-01T02:09:36Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2005-2573", }, { type: "WEB", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/21738", }, { type: "WEB", url: "http://lists.grok.org.uk/pipermail/full-disclosure/2005-August/035847.html", }, { type: "WEB", url: "http://marc.info/?l=bugtraq&m=112360618320729&w=2", }, { type: "WEB", url: "http://mysql.bkbits.net:8080/mysql-4.0/cset@428b981bg2iwh3CbGANDaF-W6DbttA", }, { type: "WEB", url: "http://mysql.bkbits.net:8080/mysql-4.0/gnupatch@428b981bg2iwh3CbGANDaF-W6DbttA", }, { type: "WEB", url: "http://www.appsecinc.com/resources/alerts/mysql/2005-001.html", }, ], schema_version: "1.4.0", severity: [], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.