Vulnerabilities > CVE-2007-4421 - SQL Injection vulnerability in Olate Olatedownload 3.4.1
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
SQL injection vulnerability in Admin.php in Olate Download (od) 3.4.1 allows remote attackers to execute arbitrary SQL commands via an OD3_AutoLogin cookie.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
References
- http://myimei.com/security/2007-08-16/olate-download-341adminphpauthentication-bypassing.html
- http://osvdb.org/39712
- http://secunia.com/advisories/26533
- http://securityreason.com/securityalert/3028
- http://sourceforge.net/forum/forum.php?forum_id=727807
- http://sourceforge.net/project/shownotes.php?group_id=188052&release_id=533628
- http://sourceforge.net/project/shownotes.php?release_id=533628&group_id=188052
- http://www.securityfocus.com/archive/1/476760/100/0/threaded
- http://www.securityfocus.com/archive/1/477223/100/0/threaded
- http://www.securityfocus.com/bid/25384
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36089