CVE-2012-4251 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter to index.php (2) phase parameter to install.php (3) tablename or (4) dbid parameter to sql.php or (5) filename parameter to restore.php in learn/cubemail/.

Reference

http://packetstormsecurity.org/files/112304/MySQLDumper-1.24.4-LFI-XSS-CSRF-Code-Execution-Traversal.html http://www.osvdb.org/81610 http://www.osvdb.org/81611 http://www.osvdb.org/81612 http://www.securityfocus.com/bid/53306 https://exchange.xforce.ibmcloud.com/vulnerabilities/75284