Olate Download Environment.PHP Arbitrary Script Code Execution Vulnerability
BID:25356
Info
Olate Download Environment.PHP Arbitrary Script Code Execution Vulnerability
| Bugtraq ID: | 25356 |
| Class: | Input Validation Error |
| CVE: |
CVE-2007-4454 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 17 2007 12:00AM |
| Updated: | May 07 2015 05:35PM |
| Credit: | imei Addmimistrator is credited with the discovery of this vulnerability. |
| Vulnerable: |
Olate Download 3.4.1 |
| Not Vulnerable: |
Olate Download 3.4.2 |
Discussion
Olate Download Environment.PHP Arbitrary Script Code Execution Vulnerability
Olate Download is prone to a vulnerability that lets attackers execute arbitrary script code. This issue occurs because the application fails to properly sanitize user-supplied input before using it in a PHP 'eval' statement.
Successfully exploiting this issue allows remote attackers to execute arbitrary PHP script code in the context of the webserver hosting the vulnerable application. This facilitates the remote compromise of affected computers.
Versions prior to Olate Download 3.4.2 are vulnerable.
Olate Download is prone to a vulnerability that lets attackers execute arbitrary script code. This issue occurs because the application fails to properly sanitize user-supplied input before using it in a PHP 'eval' statement.
Successfully exploiting this issue allows remote attackers to execute arbitrary PHP script code in the context of the webserver hosting the vulnerable application. This facilitates the remote compromise of affected computers.
Versions prior to Olate Download 3.4.2 are vulnerable.
Exploit / POC
Olate Download Environment.PHP Arbitrary Script Code Execution Vulnerability
Attackers can use a browser to exploit this issue.
Attackers can use a browser to exploit this issue.
Solution / Fix
Olate Download Environment.PHP Arbitrary Script Code Execution Vulnerability
Solution:
The vendor released Olate Download 3.4.2 to address this issue. Please see the references for more information.
Olate Download 3.4.1
Solution:
The vendor released Olate Download 3.4.2 to address this issue. Please see the references for more information.
Olate Download 3.4.1
-
Olate OlateDownload-3.4.2.zip
http://downloads.sourceforge.net/olatedownload/OlateDownload-3.4.2.zip ?modtime=1187569064&big_mirror=0
References
Olate Download Environment.PHP Arbitrary Script Code Execution Vulnerability
References:
References:
- Olate Download Homepage (Olate)
- Olate Download 3.4.1~environment.php.php~Code Execution ("imei Addmimistrator"
- Olate Download 3.4.1 ~ environment.php.php ~ Code Execution (imei addmimistrator)