Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-0898

4 documents4 sources

Severity

5.0MEDIUM

EPSS

4.7%

top 10.63%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Opera Software Opera WEB Browser

Timeline

PublishedOct 4

Latest updateApr 30

Description

Opera 6.0.1 and 6.0.2 allows a remote web site to upload arbitrary files from the client system, without prompting the client, via an input type=file tag whose value contains a newline.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDopera_software/opera_web_browser6.0.1, 6.0.2+1

Patches

Patch: www.iss.net ↗Patch: www.securityfocus.com ↗Patch: www.iss.net ↗

🔴Vulnerability Details

GHSA

GHSA-m37w-74wr-m853: Opera 6↗2022-04-30

▶

CVEList

CVE-2002-0898: Opera 6↗2003-04-02

▶

💥Exploits & PoCs

Exploit-DB

Opera 6.0.1/6.0.2 - Arbitrary File Disclosure↗2002-05-27

▶