PT-2006-5883 · Olate · Olate Download

Hessam Salehi

Publicado

2006-10-02

Atualizado

2018-10-17

CVE-2006-5145

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions OlateDownload version 3.4.0

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the page parameter in "details.php" or the query parameter in "search.php".

Recommendations For OlateDownload version 3.4.0, update to a version that fixes the SQL injection vulnerabilities in details.php and search.php. As a temporary workaround, consider restricting access to the details.php and search.php files until a patch is available. Avoid using the page parameter in details.php and the query parameter in search.php until the issue is resolved.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2006-5145

Produtos afetados

Olate Download

PT-2006-5883 · Olate · Olate Download

CVE-2006-5145

Identificadores relacionados

Produtos afetados

Referências · 8