Description
Multiple cross-site request forgery (CSRF) vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to hijack the authentication of administrators for requests that (1) remove file access restriction via a deletehtaccess action, (2) drop a database via a kill value in a db action, (3) uninstall the application via a 101 value in the phase parameter to learn/cubemail/install.php, (4) delete config.php via a 2 value in the phase parameter to learn/cubemail/install.php, (5) change a password via a schutz action, or (6) execute arbitrary SQL commands via the sql_statement parameter to learn/cubemail/sql.php.
Exploits (1)
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/75285
Exploit x_refsource_misc
http://packetstormsecurity.org/files/112304/MySQLDumper-1.24.4-LFI-XSS-CSRF-Code-Execution-Traversal.html
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/53306
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/81613
Scores
EPSS
0.0036
EPSS Percentile
58.1%
Details
CWE
CWE-352
Status
published
Products (1)
mysqldumper/mysqldumper
1.24.4
Published
Aug 13, 2012
Tracked Since
Feb 18, 2026