CVE-2012-4254

mysqldumper 1.24.4 - Exposure of Sensitive Information via Direct Request to Restore or Dump Script

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-4254. PoCs published by AkaStep.

AI-analyzed exploit summary This is a vulnerability advisory describing multiple issues in MySQLDumper 1.24.4, including XSS, LFI, CSRF, info disclosure, and directory traversal. No exploit code is provided, only a summary of vulnerabilities and affected endpoints.

Description

MySQLDumper 1.24.4 allows remote attackers to obtain sensitive information (Notices) via a direct request to (1) learn/cubemail/restore.php or (2) learn/cubemail/dump.php.

Exploits (1)

exploitdb WRITEUP VERIFIED
by AkaStep · textwebappsphp
https://www.exploit-db.com/exploits/37130

This is a vulnerability advisory describing multiple issues in MySQLDumper 1.24.4, including XSS, LFI, CSRF, info disclosure, and directory traversal. No exploit code is provided, only a summary of vulnerabilities and affected endpoints.

Classification
Writeup 90%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target: MySQLDumper 1.24.4
No auth needed
Prerequisites: Access to vulnerable MySQLDumper instance
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/53306
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/75287
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/81616

Scores

EPSS 0.0244
EPSS Percentile 82.2%

Details

CWE
CWE-200
Status published
Products (1)
mysqldumper/mysqldumper 1.24.4
Published Aug 13, 2012
Tracked Since Feb 18, 2026