Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-4540

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2007-4540
Last Modified 15 Nov 2008 01:57:26
Published 27 Aug 2007 05:17:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-4540

Summary

Multiple SQL injection vulnerabilities in download.php in Olate Download (od) 3.4.2 allow remote attackers to execute arbitrary SQL commands via the (1) HTTP_REFERER or (2) HTTP_USER_AGENT HTTP header.

Vulnerable Systems

Application

  • Olatedownload 3.4.2


References

XF - olatedownload-download-sql-injection(36214)

BID - 25410

BUGTRAQ - 20070822 Olate Download 3.4.2~download.php ~ sql injection

OSVDB - 38581

MISC - http://myimei.com/security/2007-08-22/olate-download-342downloadphp-sql-injection.html

SREASON - 3062


Last Updated: 27 May 2016 10:45:54