Vulnerabilities > Opial
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-10-22 | CVE-2009-3753 | Improper Input Validation vulnerability in Opial 1.0 Unrestricted file upload vulnerability in Opial 1.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension as a User Image, then accessing it via a request to the file in userimages, related to register.php. | 7.5 |
| 2009-10-22 | CVE-2009-3752 | SQL Injection vulnerability in Opial 1.0 SQL injection vulnerability in home.php in Opial 1.0 allows remote attackers to execute arbitrary SQL commands via the genres_parent parameter. | 7.5 |
| 2009-10-22 | CVE-2009-3751 | Cross-Site Scripting vulnerability in Opial 1.0 Cross-site scripting (XSS) vulnerability in home.php in Opial 1.0 allows remote attackers to inject arbitrary web script or HTML via the genres_parent parameter. | 4.3 |
| 2009-07-07 | CVE-2009-2340 | SQL Injection vulnerability in Opial 1.0 SQL injection vulnerability in admin/index.php in Opial 1.0 allows remote attackers to execute arbitrary SQL commands via the txtUserName (aka User Name) parameter. | 7.5 |
| 2006-09-28 | CVE-2006-5056 | Cross-Site Scripting vulnerability in Opial Audio Video Download Management 1.0 Cross-site scripting (XSS) vulnerability in index.php in Opial Audio/Video Download Management 1.0 allows remote attackers to inject arbitrary web script or HTML via the destination parameter in the Login view. | 5.1 |