Skip to main content

CVE-2005-2573

Severity Medium
Score 5/10

Summary

The mysql_create_function function in sql_udf.cc for MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta, when running on Windows, uses an incomplete blacklist in a directory traversal check, which allows attackers to include arbitrary files via the backslash (\) character.

  • LOW
  • NETWORK
  • NONE
  • NONE
  • PARTIAL
  • NONE

References

Advisory Timeline

  • Published