Vulnerability CVE-2007-4541


Published: 2007-08-27   Modified: 2012-02-12

Description:
Multiple cross-site scripting (XSS) vulnerabilities in Olate Download (od) 3.4.2 allow remote attackers to inject arbitrary web script or HTML via (1) the PHP_SELF variable in modules/core/uim.php and (2) [url] tags in a comment in modules/core/fldm.php.

See advisories in our WLB2 database:
Topic
Author
Date
Low
Olate Download 3.4.2~modules/core/fldm.php~comments tag [url] XSS
imei Addmimistra...
31.08.2007

Type:

CWE-352

(Cross-Site Request Forgery (CSRF))

Vendor: Olate
Product: Olatedownload 
Version: 3.4.2;

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None

 References:
http://myimei.com/security/2007-08-22/olate-download-342modulescorefldmphpcomments-tag-url-xss.html
http://myimei.com/security/2007-08-22/olate-download-342modulescoreuimphpxss.html
http://securityreason.com/securityalert/3076
http://www.securityfocus.com/archive/1/477337/100/0/threaded
http://www.securityfocus.com/archive/1/477338/100/0/threaded
http://www.securityfocus.com/bid/25412
https://exchange.xforce.ibmcloud.com/vulnerabilities/36196
https://exchange.xforce.ibmcloud.com/vulnerabilities/36197

Related CVE
CVE-2007-4540
Multiple SQL injection vulnerabilities in download.php in Olate Download (od) 3.4.2 allow remote attackers to execute arbitrary SQL commands via the (1) HTTP_REFERER or (2) HTTP_USER_AGENT HTTP header.
CVE-2007-4454
Eval injection vulnerability in environment.php in Olate Download (od) 3.4.1 allows context-dependent attackers to execute arbitrary code via a crafted version string, as referenced by the (1) PDO::ATTR_SERVER_VERSION or (2) PDO::ATTR_CLIENT_VERSION ...
CVE-2007-4419
Admin.php in Olate Download (od) 3.4.1 uses an MD5 hash of the admin username, user id, and group id, to compose the OD3_AutoLogin authentication cookie, which makes it easier for remote attackers to guess the cookie and access the Admin area.
CVE-2007-4421
SQL injection vulnerability in Admin.php in Olate Download (od) 3.4.1 allows remote attackers to execute arbitrary SQL commands via an OD3_AutoLogin cookie.
CVE-2006-5144
Cross-site scripting (XSS) vulnerability in userupload.php in OlateDownload 3.4.0 allows remote attackers to inject arbitrary web script or HTML via the description_small parameter.
CVE-2006-5145
Multiple SQL injection vulnerabilities in OlateDownload 3.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) page parameter in details.php or the (2) query parameter in search.php.
CVE-2006-3342
Cross-site scripting (XSS) vulnerability in index.php in Arctic 1.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search cmd.

Copyright 2019, cxsecurity.com

 

Back to Top