CVE-2012-4255
MySQLDumper 1.24.4 - Exposure of Sensitive Information via Direct Request to refresh_dblist.php
Title source: llmDescription
MySQLDumper 1.24.4 allows remote attackers to obtain sensitive information via a direct request to learn/cubemail/refresh_dblist.php, which reveals the installation path in an error message.
References (3)
Core 3
Core References
Exploit x_refsource_misc
http://packetstormsecurity.org/files/112304/MySQLDumper-1.24.4-LFI-XSS-CSRF-Code-Execution-Traversal.html
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/53306
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/81616
Scores
EPSS
0.0133
EPSS Percentile
67.7%
Details
CWE
CWE-200
Status
published
Products (1)
mysqldumper/mysqldumper
1.24.4
Published
Aug 13, 2012
Tracked Since
Feb 18, 2026