vendor:
Opial
by:
LMaster
5.5
CVSS
MEDIUM
Arbitrary File Upload, XSS, SQL Injection
CWE
Product Name: Opial
Affected Version From: Opial 1.0
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2009
Opial 1.0 Arbitrary File Upload & XSS & SQL Injection (genres_parent)
This exploit allows an attacker to perform arbitrary file upload, XSS, and SQL injection attacks on the Opial 1.0 website.
Mitigation:
Implement input validation and sanitization to prevent arbitrary file uploads, XSS, and SQL injection attacks. Regularly update the software to patch any known vulnerabilities.