Mysqldumper

mysqldumper

Vendor: Mysqldumper • 8 CVEs

CVEs (8)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2017-1000012 1Mysqldumper 1Mysqldumper May 13, 2026 Jul 17, 2017 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 MySQL Dumper version 1.24 is vulnerable to stored XSS when displaying the data in the database to the user
CVE-2012-4255 1Mysqldumper 1Mysqldumper Apr 29, 2026 Aug 13, 2012 N/A· v4 N/A· v3 4.3 MEDIUM· v2 MySQLDumper 1.24.4 allows remote attackers to obtain sensitive information via a direct request to learn/cubemail/refresh_dblist.php, which reveals the installation path in an error message.
CVE-2012-4254 1Mysqldumper 1Mysqldumper Apr 29, 2026 Aug 13, 2012 N/A· v4 N/A· v3 4.3 MEDIUM· v2 MySQLDumper 1.24.4 allows remote attackers to obtain sensitive information (Notices) via a direct request to (1) learn/cubemail/restore.php or (2) learn/cubemail/dump.php.
CVE-2012-4253 1Mysqldumper 1Mysqldumper Apr 29, 2026 Aug 13, 2012 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Multiple directory traversal vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) language parameter to learn/cubemail/install.php or (2) f parameter learn/cu...Show more Multiple directory traversal vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) language parameter to learn/cubemail/install.php or (2) f parameter learn/cubemail/filemanagement.php, or execute arbitrary local files via a .. (dot dot) in the (3) config parameter to learn/cubemail/menu.php.Show less
CVE-2012-4252 1Mysqldumper 1Mysqldumper Apr 29, 2026 Aug 13, 2012 N/A· v4 N/A· v3 5.1 MEDIUM· v2 Multiple cross-site request forgery (CSRF) vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to hijack the authentication of administrators for requests that (1) remove file access restriction via a deletehtac...Show more Multiple cross-site request forgery (CSRF) vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to hijack the authentication of administrators for requests that (1) remove file access restriction via a deletehtaccess action, (2) drop a database via a kill value in a db action, (3) uninstall the application via a 101 value in the phase parameter to learn/cubemail/install.php, (4) delete config.php via a 2 value in the phase parameter to learn/cubemail/install.php, (5) change a password via a schutz action, or (6) execute arbitrary SQL commands via the sql_statement parameter to learn/cubemail/sql.php.Show less
CVE-2012-4251 1Mysqldumper 1Mysqldumper Apr 29, 2026 Aug 13, 2012 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter to index.php, (2) phase parameter to install.php, (3) tab...Show more Multiple cross-site scripting (XSS) vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter to index.php, (2) phase parameter to install.php, (3) tablename or (4) dbid parameter to sql.php, or (5) filename parameter to restore.php in learn/cubemail/.Show less
CVE-2007-3567 1Mysqldumper 1Mysqldumper Apr 23, 2026 Jul 5, 2007 N/A· v4 N/A· v3 7.5 HIGH· v2 MySQLDumper 1.21b through 1.23 REV227 uses a "Limit GET" statement in the .htaccess authentication mechanism, which allows remote attackers to bypass authentication requirements via HTTP POST requests.
CVE-2006-5264 1Mysqldumper 1Mysqldumper Apr 23, 2026 Oct 12, 2006 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in sql.php in MysqlDumper 1.21 b6 allows remote attackers to inject arbitrary web script or HTML via the db parameter.