mysqldumper 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
公開された問題は パス処理の欠陥、vendor risk cross-site scripting, and vendor risk csrf に関連することが多く、vendor surface data storage and vendor surface data access の文脈で ファイル上書き and vendor impact session compromise などの暴露リスクを伴う場合があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2017-1000012 | MySQL Dumper version 1.24 is vulnerable to stored XSS when displaying the data in the database to the user | [email protected] | 6.1 | 0.21% | 2017-07-17 | 2026-05-13 |
| CVE-2012-4255 | MySQLDumper 1.24.4 allows remote attackers to obtain sensitive information via a direct request to learn/cubemail/refresh_dblist.php, which reveals the installation path in an error message. | [email protected] | 4.3 | 0.33% | 2012-08-13 | 2026-04-29 |
| CVE-2012-4254 | MySQLDumper 1.24.4 allows remote attackers to obtain sensitive information (Notices) via a direct request to (1) learn/cubemail/restore.php or (2) learn/cubemail/dump.php. | [email protected] | 4.3 | 6.97% | 2012-08-13 | 2026-04-29 |
| CVE-2012-4253 | Multiple directory traversal vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) language parameter to learn/cubemail/install.php or (2) f parameter learn/cubemail/filemanagement.php, or execute arbitrary local files via a .. (dot dot) in the (3) config parameter to learn/cubemail/menu.php. | [email protected] | 4.3 | 30.16% | 2012-08-13 | 2026-04-29 |
| CVE-2012-4252 | Multiple cross-site request forgery (CSRF) vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to hijack the authentication of administrators for requests that (1) remove file access restriction via a deletehtaccess action, (2) drop a database via a kill value in a db action, (3) uninstall the application via a 101 value in the phase parameter to learn/cubemail/install.php, (4) delete config.php via a 2 value in the phase parameter to learn/cubemail/install.php, (5) change a password vi | [email protected] | 5.1 | 0.36% | 2012-08-13 | 2026-04-29 |
| CVE-2012-4251 | Multiple cross-site scripting (XSS) vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter to index.php, (2) phase parameter to install.php, (3) tablename or (4) dbid parameter to sql.php, or (5) filename parameter to restore.php in learn/cubemail/. | [email protected] | 4.3 | 7.73% | 2012-08-13 | 2026-04-29 |
| CVE-2007-3567 | MySQLDumper 1.21b through 1.23 REV227 uses a "Limit GET" statement in the .htaccess authentication mechanism, which allows remote attackers to bypass authentication requirements via HTTP POST requests. | [email protected] | 7.5 | 1.05% | 2007-07-05 | 2026-04-23 |
| CVE-2006-5264 | Cross-site scripting (XSS) vulnerability in sql.php in MysqlDumper 1.21 b6 allows remote attackers to inject arbitrary web script or HTML via the db parameter. | [email protected] | 6.8 | 0.98% | 2006-10-12 | 2026-04-23 |