5 matches found
Sql injection
SQL injection vulnerability in Admin.php in Olate Download od 3.4.1 allows remote attackers to execute arbitrary SQL commands via an OD3AutoLogin cookie...
CVE-2007-4421
SQL injection vulnerability in Admin.php in Olate Download od 3.4.1 allows remote attackers to execute arbitrary SQL commands via an OD3AutoLogin cookie...
CVE-2007-4421
SQL injection vulnerability in Admin.php in Olate Download od 3.4.1 allows remote attackers to execute arbitrary SQL commands via an OD3AutoLogin cookie...
CVE-2007-4419
CVE-2007-4419 affects Olate Download (od) 3.4.1. Admin.php uses an OD3_AutoLogin cookie created from an MD5 hash of the admin username, user id, and group id, which can be guessed, enabling remote attackers to access the Admin area. In the provided sources, the vulnerability details are limited t...
CVE-2007-4421
CVE-2007-4421 affects Olate Download (od) 3.4.1. The vulnerability is a SQL injection in Admin.php exploitable via an OD3_AutoLogin cookie, enabling remote attackers to execute arbitrary SQL commands. Root cause is the unsafely handled cookie value in the Admin.php flow, leading to compromised da...