Olate : Security Vulnerabilities, CVEs, CVSS score >= 7

CVE-2007-4540

Multiple SQL injection vulnerabilities in download.php in Olate Download (od) 3.4.2 allow remote attackers to execute arbitrary SQL commands via the (1) HTTP_REFERER or (2) HTTP_USER_AGENT HTTP header.
Max CVSS
7.5
EPSS Score
0.30%
Published
2007-08-27
Updated
2018-10-15

CVE-2007-4421

SQL injection vulnerability in Admin.php in Olate Download (od) 3.4.1 allows remote attackers to execute arbitrary SQL commands via an OD3_AutoLogin cookie.
Max CVSS
9.3
EPSS Score
0.76%
Published
2007-08-18
Updated
2018-10-15

CVE-2007-4419

Admin.php in Olate Download (od) 3.4.1 uses an MD5 hash of the admin username, user id, and group id, to compose the OD3_AutoLogin authentication cookie, which makes it easier for remote attackers to guess the cookie and access the Admin area.
Max CVSS
9.3
EPSS Score
11.66%
Published
2007-08-18
Updated
2018-10-15

CVE-2006-5145

Multiple SQL injection vulnerabilities in OlateDownload 3.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) page parameter in details.php or the (2) query parameter in search.php.
Max CVSS
7.5
EPSS Score
0.50%
Published
2006-10-05
Updated
2018-10-17
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close