CVE-2009-3102

EPSS 6.45%
Veröffentlicht 08.09.2009 18:30:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The doHotCopy subroutine in socket-server.pl in Zmanda Recovery Manager (ZRM) for MySQL 2.x before 2.1.1 allows remote attackers to execute arbitrary commands via vectors involving a crafted $MYSQL_BINPATH variable.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Zmanda ≫ Zrm For My Sql Version2.1 Editioncommunity

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	6.45%	0.901

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://forums.zmanda.com/showthread.php?p=8068

http://secunia.com/advisories/36424

Vendor Advisory

http://secunia.com/advisories/36429

Vendor Advisory

http://twitter.com/elegerov/statuses/3518763099

http://twitter.com/elegerov/statuses/3547652507

http://www.intevydis.com/blog/?p=51

https://exchange.xforce.ibmcloud.com/vulnerabilities/52977

https://exchange.xforce.ibmcloud.com/vulnerabilities/52978

https://nvd.nist.gov/vuln/detail/CVE-2009-3102

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-3102

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-3102

EUVD