Improper input validation in Conectiva Linux
CVE-2009-3048
Opera before 10.00 on Linux, Solaris, and FreeBSD does not properly implement the "INPUT TYPE=file" functionality, which allows remote attackers to trick a user into uploading an unintended file via vectors involving a "dropped file."
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.017 (74.0th percentile) — read the EPSS interpretation.
Affected products
- Conectiva Linux
- Freebsd
- Opera Opera_browser — versions 1.00, 2.00, 2.10
- Sun Solaris
- N/a — versions n/a
Weakness classification (CWE)
References
- cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
- cve@mitre.org (signature, x_refsource_OVAL, vdb-entry)
- cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
- cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
- cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)