Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
MySQL Improper Neutralization of Special Elements used in a Command (Command Injection) Vulnerability - CVE-2010-2008 - Vulnerability Database
MySQL

MySQL Improper Neutralization of Special Elements used in a Command (Command Injection) Vulnerability - CVE-2010-2008

Low
Reference: CVE-2010-2008
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2010-2008
Title: MySQL Improper Neutralization of Special Elements used in a Command (Command Injection) Vulnerability
Overview:

MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a mysql50 string followed by a . (dot) .. (dot dot) ../ (dot dot slash) or similar sequence and an UPGRADE DATA DIRECTORY NAME command which causes MySQL to move certain directories to the server data directory.