7 matches found
CVE-2007-4419
CVE-2007-4419 affects Olate Download (od) 3.4.1. Admin.php uses an OD3_AutoLogin cookie created from an MD5 hash of the admin username, user id, and group id, which can be guessed, enabling remote attackers to access the Admin area. In the provided sources, the vulnerability details are limited t...
CVE-2006-5144
CVE-2006-5144 is a reported XSS vulnerability in OlateDownload 3.4.0, specifically in userupload.php, where arbitrary HTML/script can be injected via the description_small parameter. The vulnerability is described across multiple sources (NVD listing, CVE records) with CVSS 2.0 base score 6.8 ...
CVE-2007-4421
CVE-2007-4421 affects Olate Download (od) 3.4.1. The vulnerability is a SQL injection in Admin.php exploitable via an OD3_AutoLogin cookie, enabling remote attackers to execute arbitrary SQL commands. Root cause is the unsafely handled cookie value in the Admin.php flow, leading to compromised da...
CVE-2007-4454
CVE-2007-4454 affects Olate Download (od) 3.4.1 via an eval injection in environment.php. A crafted version string can cause code execution, using either PDO::ATTR_SERVER_VERSION or PDO::ATTR_CLIENT_VERSION. The available documents confirm the vulnerability and potential impact; no remediation de...
CVE-2006-5145
CVE-2006-5145 affects OlateDownload 3.4.0. The vulnerability arises from input handling in two parameters: (1) details.php: page and (2) search.php: query, enabling remote attackers to execute arbitrary SQL commands (SQL injection). Impact is remote code or data access as described in the CVE; th...
CVE-2007-4541
CVE-2007-4541 concerns Olate Download (od) 3.4.2. The vulnerability arises from multiple cross-site scripting (XSS) flaws: (1) using the PHP_SELF variable in modules/core/uim.php and (2) [url] tags within a comment in modules/core/fldm.php. These flaws allow remote attackers to inject arbitrary w...
CVE-2007-4540
CVE-2007-4540 affects Olate Download (od) 3.4.2, specifically the download.php module. The vulnerability comprises multiple SQL injection flaws that can be triggered by crafted HTTP headers (HTTP_REFERER or HTTP_USER_AGENT), allowing remote attackers to execute arbitrary SQL commands. The connect...