CVE-1999-1260

CVSS 2.0 Score 7.5 of 10 (high)

Details

Published Feb 15, 1999
Updated: Dec 19, 2017

Summary

CVE-1999-1260 is a vulnerability affecting mSQL (Mini SQL) version 2.0.6. This issue allows remote attackers to access sensitive server information, including logged users, database names, and server version, through the ServerStats query without proper authorization. The vulnerability poses a significant risk as the obtained information can be used for further unauthorized actions, such as database intrusion and data theft. Attackers can exploit this vulnerability by sending a specially crafted ServerStats query to the mSQL server. To mitigate this risk, it is recommended that users upgrade to a more secure version of mSQL or implement access controls to limit the execution of ServerStats queries to trusted sources.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share