Opial

CVEs (4)

CVE	Risk	CVSS	EPSS	Published	Description
CVE-2009-3753	0.03	—	0.03	Oct 22, 2009	Unrestricted file upload vulnerability in Opial 1.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension as a User Image, then accessing it via a request to the file in userimages, related to register.php.
CVE-2009-3752	0.03	—	0.00	Oct 22, 2009	SQL injection vulnerability in home.php in Opial 1.0 allows remote attackers to execute arbitrary SQL commands via the genres_parent parameter.
CVE-2009-3751	0.03	—	0.02	Oct 22, 2009	Cross-site scripting (XSS) vulnerability in home.php in Opial 1.0 allows remote attackers to inject arbitrary web script or HTML via the genres_parent parameter.
CVE-2009-2340	0.03	—	0.00	Jul 7, 2009	SQL injection vulnerability in admin/index.php in Opial 1.0 allows remote attackers to execute arbitrary SQL commands via the txtUserName (aka User Name) parameter. NOTE: some of these details are obtained from third party information.

CVE-2009-3753Oct 22, 2009
risk 0.03cvss —epss 0.03
Unrestricted file upload vulnerability in Opial 1.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension as a User Image, then accessing it via a request to the file in userimages, related to register.php.
CVE-2009-3752Oct 22, 2009
risk 0.03cvss —epss 0.00
SQL injection vulnerability in home.php in Opial 1.0 allows remote attackers to execute arbitrary SQL commands via the genres_parent parameter.
CVE-2009-3751Oct 22, 2009
risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in home.php in Opial 1.0 allows remote attackers to inject arbitrary web script or HTML via the genres_parent parameter.
CVE-2009-2340Jul 7, 2009
risk 0.03cvss —epss 0.00
SQL injection vulnerability in admin/index.php in Opial 1.0 allows remote attackers to execute arbitrary SQL commands via the txtUserName (aka User Name) parameter. NOTE: some of these details are obtained from third party information.