CVE-2006-5145
Published 2006-10-05
Priority: P3 39 | high | 7.5 (CVSS 2.0)
CVSS vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.10% (61.5th percentile)
Multiple SQL injection vulnerabilities in OlateDownload 3.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) page parameter in details.php or the (2) query parameter in search.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| olate | olatedownload | — | — |
No detection rules found.
Exploit-DB
OlateDownload 3.4 - 'details.php?page' SQL Injection
exploitdb·2006-09-29
---
source: https://www.securityfocus.com/bid/20278/info
OlateDownload is prone to multiple input-validation vulnerabilities, including HTML-injection and SQL-injection issues, because the application fails to properly sanitize user-supplied input.
A successful exploit of these vulnerabilities could allow an attacker to inject hostile HTML and script code into vulnerable sections of the application, steal cookie-based authentication credentials from legitimate users of the site, or even exploit vulnerabilities in the underlying database implementation. Other attacks are also possible.
OlateDownload version 3.4.0 is vulnerable.
http://www.example.com/details.php?page=%BF%27%22%28&file=1
Exploit-DB
OlateDownload 3.4 - 'search.php?query' SQL Injection
exploitdb·2006-09-29
---
source: https://www.securityfocus.com/bid/20278/info
OlateDownload is prone to multiple input-validation vulnerabilities, including HTML-injection and SQL-injection issues, because the application fails to properly sanitize user-supplied input.
A successful exploit of these vulnerabilities could allow an attacker to inject hostile HTML and script code into vulnerable sections of the application, steal cookie-based authentication credentials from legitimate users of the site, or even exploit vulnerabilities in the underlying database implementation. Other attacks are also possible.
OlateDownload version 3.4.0 is vulnerable.
http://www.example.com/search.php?query=%BF%27%22%28
No writeups or analysis indexed.
http://secunia.com/advisories/22241
http://securityreason.com/securityalert/1680
http://www.securityfocus.com/archive/1/447424/100/0/threaded
http://www.securityfocus.com/bid/20278
https://exchange.xforce.ibmcloud.com/vulnerabilities/29294