Opera before 10.00 on Linux, Solaris, and FreeBSD does not properly implement the "INPUT TYPE=file" functionality, which allows remote attackers to trick a user into uploading an unintended file via vectors involving a "dropped file."
References
Link | Resource |
---|---|
http://www.opera.com/support/kb/view/931/ | Vendor Advisory |
http://www.opera.com/docs/changelogs/freebsd/1000/ | Vendor Advisory |
http://www.opera.com/docs/changelogs/solaris/1000/ | Vendor Advisory |
http://www.opera.com/docs/changelogs/linux/1000/ | Vendor Advisory |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5679 |
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2009-09-02 10:30
Updated : 2017-09-18 18:29
NVD link : CVE-2009-3048
Mitre link : CVE-2009-3048
JSON object : View
CWE
CWE-20
Improper Input Validation
Products Affected
opera
- opera_browser
freebsd
- freebsd
conectiva
- linux
sun
- solaris