OlateDownload Multiple Input Validation Vulnerabilities

vendor:

OlateDownload

by:

SecurityFocus

8.3

CVSS

HIGH

HTML-injection and SQL-injection

89, 94

CWE

Product Name: OlateDownload

Affected Version From: 3.4.2000

Affected Version To: 3.4.2000

Patch Exists: YES

Related CWE: N/A

CPE: OlateDownload

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2006

OlateDownload Multiple Input Validation Vulnerabilities

OlateDownload is prone to multiple input-validation vulnerabilities, including HTML-injection and SQL-injection issues, because the application fails to properly sanitize user-supplied input. A successful exploit of these vulnerabilities could allow an attacker to inject hostile HTML and script code into vulnerable sections of the application, steal cookie-based authentication credentials from legitimate users of the site, or even exploit vulnerabilities in the underlying database implementation. Other attacks are also possible.

Mitigation:

Input validation should be used to ensure that user-supplied data is properly sanitized before being used in the application.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/20278/info
 
OlateDownload is prone to multiple input-validation vulnerabilities, including HTML-injection and SQL-injection issues, because the application fails to properly sanitize user-supplied input. 
 
A successful exploit of these vulnerabilities could allow an attacker to inject hostile HTML and script code into vulnerable sections of the application, steal cookie-based authentication credentials from legitimate users of the site, or even exploit vulnerabilities in the underlying database implementation. Other attacks are also possible.
 
OlateDownload version 3.4.0 is vulnerable.

http://www.example.com/search.php?query=%BF%27%22%28