Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site request forgery (CSRF) vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to hijack the authentication of administrators for requests that (1) remove file access restriction via a deletehtaccess action, (2) drop a database via a kill value in a db action, (3) uninstall the application via a 101 value in the phase parameter to learn/cubemail/install.php, (4) delete config.php via a 2 value in the phase parameter to learn/cubemail/install.php, (5) change a password via a schutz action, or (6) execute arbitrary SQL commands via the sql_statement parameter to learn/cubemail/sql.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
MySQLDumper 多个跨站请求伪造漏洞
Vulnerability Description
MySQLDumper是用PHP和Perl编写的MySQL数据库备份脚本。 MySQLDumper 1.24.4版本中存在多个跨站请求伪造(CSRF)漏洞。远程攻击者可利用这些漏洞(1)通过deletehtaccess操作删除文件访问限制(2)db操作中的kill值删除数据库(3)通过传送到learn/cubemail/install.php脚本中的phase参数中的101值卸载应用程序的请求劫持管理认证。
CVSS Information
N/A
Vulnerability Type
N/A