cbcvebase.

Olate Olatedownload vulnerabilities

7 known vulnerabilities affecting olate/olatedownload.

Total CVEs
7
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH2MEDIUM3

Vulnerabilities

Page 1 of 1
CVE-2007-4419P3CRITICALCVSS 9.3PoCv3.4.12007-08-18
CVE-2007-4419 [CRITICAL] CWE-287 CVE-2007-4419: Admin.php in Olate Download (od) 3.4.1 uses an MD5 hash of the admin username, user id, and group id Admin.php in Olate Download (od) 3.4.1 uses an MD5 hash of the admin username, user id, and group id, to compose the OD3_AutoLogin authentication cookie, which makes it easier for remote attackers to guess the cookie and access the Admin area.
nvd
CVE-2006-5145P3HIGHCVSS 7.5PoCv3.4.02006-10-05
CVE-2006-5145 [HIGH] CVE-2006-5145: Multiple SQL injection vulnerabilities in OlateDownload 3.4.0 allow remote attackers to execute arbi Multiple SQL injection vulnerabilities in OlateDownload 3.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) page parameter in details.php or the (2) query parameter in search.php.
nvd
CVE-2007-4421P3CRITICALCVSS 9.3v3.4.12007-08-18
CVE-2007-4421 [CRITICAL] CVE-2007-4421: SQL injection vulnerability in Admin.php in Olate Download (od) 3.4.1 allows remote attackers to exe SQL injection vulnerability in Admin.php in Olate Download (od) 3.4.1 allows remote attackers to execute arbitrary SQL commands via an OD3_AutoLogin cookie.
nvd
CVE-2007-4540P3HIGHCVSS 7.5v3.4.22007-08-27
CVE-2007-4540 [HIGH] CWE-89 CVE-2007-4540: Multiple SQL injection vulnerabilities in download.php in Olate Download (od) 3.4.2 allow remote att Multiple SQL injection vulnerabilities in download.php in Olate Download (od) 3.4.2 allow remote attackers to execute arbitrary SQL commands via the (1) HTTP_REFERER or (2) HTTP_USER_AGENT HTTP header.
nvd
CVE-2007-4454P4MEDIUMCVSS 6.8v3.4.12007-08-21
CVE-2007-4454 [MEDIUM] CVE-2007-4454: Eval injection vulnerability in environment.php in Olate Download (od) 3.4.1 allows context-dependen Eval injection vulnerability in environment.php in Olate Download (od) 3.4.1 allows context-dependent attackers to execute arbitrary code via a crafted version string, as referenced by the (1) PDO::ATTR_SERVER_VERSION or (2) PDO::ATTR_CLIENT_VERSION attribute.
nvd
CVE-2006-5144P4MEDIUMCVSS 6.8v3.4.02006-10-05
CVE-2006-5144 [MEDIUM] CVE-2006-5144: Cross-site scripting (XSS) vulnerability in userupload.php in OlateDownload 3.4.0 allows remote atta Cross-site scripting (XSS) vulnerability in userupload.php in OlateDownload 3.4.0 allows remote attackers to inject arbitrary web script or HTML via the description_small parameter.
nvd
CVE-2007-4541P4MEDIUMCVSS 4.3v3.4.22007-08-27
CVE-2007-4541 [MEDIUM] CWE-352 CVE-2007-4541: Multiple cross-site scripting (XSS) vulnerabilities in Olate Download (od) 3.4.2 allow remote attack Multiple cross-site scripting (XSS) vulnerabilities in Olate Download (od) 3.4.2 allow remote attackers to inject arbitrary web script or HTML via (1) the PHP_SELF variable in modules/core/uim.php and (2) [url] tags in a comment in modules/core/fldm.php.
nvd
Olate Olatedownload vulnerabilities | cvebase