CVE-2009-3048Improper Input Validation in Browser

CWE-20Improper Input Validation3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.3%
top 44.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Opera Browser
Timeline
PublishedSep 2
Latest updateMay 2

Description

Opera before 10.00 on Linux, Solaris, and FreeBSD does not properly implement the "INPUT TYPE=file" functionality, which allows remote attackers to trick a user into uploading an unintended file via vectors involving a "dropped file."

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDopera/opera_browser10.00+76

🔴Vulnerability Details

2
GHSA
GHSA-9hgg-vhrm-7vx2: Opera before 102022-05-02
CVEList
CVE-2009-3048: Opera before 102009-09-02
CVE-2009-3048 — Improper Input Validation in Browser | cvebase