Vulnerabilities > CVE-2007-4454 - Unspecified vulnerability in Olate Olatedownload 3.4.1
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Eval injection vulnerability in environment.php in Olate Download (od) 3.4.1 allows context-dependent attackers to execute arbitrary code via a crafted version string, as referenced by the (1) PDO::ATTR_SERVER_VERSION or (2) PDO::ATTR_CLIENT_VERSION attribute.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
References
- http://myimei.com/security/2007-08-17/olate-download-341-environmentphpphp-code-execution.html
- http://myimei.com/security/2007-08-17/olate-download-341-environmentphpphp-code-execution.html
- http://securityreason.com/securityalert/3038
- http://securityreason.com/securityalert/3038
- http://sourceforge.net/project/shownotes.php?group_id=188052&release_id=533628
- http://sourceforge.net/project/shownotes.php?group_id=188052&release_id=533628
- http://www.securityfocus.com/archive/1/476925/100/0/threaded
- http://www.securityfocus.com/archive/1/476925/100/0/threaded
- http://www.securityfocus.com/archive/1/477223/100/0/threaded
- http://www.securityfocus.com/archive/1/477223/100/0/threaded
- http://www.securityfocus.com/bid/25356
- http://www.securityfocus.com/bid/25356
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36087
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36087