Opial Multiple Input Validation Vulnerabilities

Bugtraq ID:	53288
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Apr 27 2012 12:00AM
Updated:	Apr 27 2012 12:00AM
Credit:	the_storm
Vulnerable:	Opial Opial 2.0
Not Vulnerable:

Opial Multiple Input Validation Vulnerabilities

Opial is prone to multiple input-validation vulnerabilities, including:

1. Multiple SQL injection vulnerabilities
2. Multiple HTML injection vulnerabilities
3. Multiple arbitrary-file-upload vulnerabilities

Exploiting these issues could allow attackers to steal cookie-based authentication credentials, compromise the application, execute arbitrary code, access or modify data, or exploit latent vulnerabilities in the underlying database.

Opial 2.0 is vulnerable; other versions may also be affected.

Opial Multiple Input Validation Vulnerabilities

An attacker can use a browser to exploit these issues.

The following exploit URIs are available:

• /data/vulnerabilities/exploits/53288.txt

Opial Multiple Input Validation Vulnerabilities

Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].