Multiple SQL injection vulnerabilities in OlateDownload 3.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) page parameter in details.php or the (2) query parameter in search.php.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Olatedownload | Olate | 3.4.0 (including) | 3.4.0 (including) |
References
- http://secunia.com/advisories/22241
- http://securityreason.com/securityalert/1680
- http://www.securityfocus.com/archive/1/447424/100/0/threaded
- http://www.securityfocus.com/bid/20278
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29294
- http://secunia.com/advisories/22241
- http://securityreason.com/securityalert/1680
- http://www.securityfocus.com/archive/1/447424/100/0/threaded
- http://www.securityfocus.com/bid/20278
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29294