Vulnerabilities > CVE-2007-4454 - Unspecified vulnerability in Olate Olatedownload 3.4.1
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL network
olate
Summary
Eval injection vulnerability in environment.php in Olate Download (od) 3.4.1 allows context-dependent attackers to execute arbitrary code via a crafted version string, as referenced by the (1) PDO::ATTR_SERVER_VERSION or (2) PDO::ATTR_CLIENT_VERSION attribute.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
References
- http://myimei.com/security/2007-08-17/olate-download-341-environmentphpphp-code-execution.html
- http://securityreason.com/securityalert/3038
- http://sourceforge.net/project/shownotes.php?group_id=188052&release_id=533628
- http://www.securityfocus.com/archive/1/476925/100/0/threaded
- http://www.securityfocus.com/archive/1/477223/100/0/threaded
- http://www.securityfocus.com/bid/25356
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36087