4.3
CVE-2009-3048
- EPSS 0.32%
- Veröffentlicht 02.09.2009 17:30:01
- Zuletzt bearbeitet 09.04.2025 00:30:58
- Quelle cve@mitre.org
- Teams Watchlist Login
- Unerledigt Login
Opera before 10.00 on Linux, Solaris, and FreeBSD does not properly implement the "INPUT TYPE=file" functionality, which allows remote attackers to trick a user into uploading an unintended file via vectors involving a "dropped file."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Opera ≫ Opera Browser Updatebeta3 Version <= 10.00
Opera ≫ Opera Browser Version2.10 Updatebeta1
Opera ≫ Opera Browser Version2.10 Updatebeta2
Opera ≫ Opera Browser Version2.10 Updatebeta3
Opera ≫ Opera Browser Version3.00 Updatebeta
Opera ≫ Opera Browser Version3.62 Updatebeta
Opera ≫ Opera Browser Version4.00 Updatebeta2
Opera ≫ Opera Browser Version4.00 Updatebeta3
Opera ≫ Opera Browser Version4.00 Updatebeta4
Opera ≫ Opera Browser Version4.00 Updatebeta5
Opera ≫ Opera Browser Version4.00 Updatebeta6
Opera ≫ Opera Browser Version5.0 Updatebeta2
Opera ≫ Opera Browser Version5.0 Updatebeta3
Opera ≫ Opera Browser Version5.0 Updatebeta4
Opera ≫ Opera Browser Version5.0 Updatebeta5
Opera ≫ Opera Browser Version5.0 Updatebeta6
Opera ≫ Opera Browser Version5.0 Updatebeta7
Opera ≫ Opera Browser Version5.0 Updatebeta8
Opera ≫ Opera Browser Version6.0 Updatebeta1
Opera ≫ Opera Browser Version6.0 Updatebeta2
Opera ≫ Opera Browser Version6.0 Updatetp1
Opera ≫ Opera Browser Version6.0 Updatetp2
Opera ≫ Opera Browser Version6.0 Updatetp3
Opera ≫ Opera Browser Version6.1 Updatebeta1
Opera ≫ Opera Browser Version7.0 Updatebeta1
Opera ≫ Opera Browser Version7.0 Updatebeta1_v2
Opera ≫ Opera Browser Version7.0 Updatebeta2
Opera ≫ Opera Browser Version7.10 Updatebeta1
Opera ≫ Opera Browser Version7.11 Updatebeta2
Opera ≫ Opera Browser Version7.20 Updatebeta7
Opera ≫ Opera Browser Version7.50 Updatebeta1
Opera ≫ Opera Browser Version7.54 Updateupdate1
Opera ≫ Opera Browser Version7.54 Updateupdate2
Opera ≫ Opera Browser Version8.0 Updatebeta1
Opera ≫ Opera Browser Version8.0 Updatebeta2
Opera ≫ Opera Browser Version8.0 Updatebeta3
Opera ≫ Opera Browser Version9.0 Updatebeta1
Opera ≫ Opera Browser Version9.0 Updatebeta2
Opera ≫ Opera Browser Version9.20 Updatebeta1
Opera ≫ Opera Browser Version9.50 Updatebeta1
Opera ≫ Opera Browser Version9.50 Updatebeta2
Opera ≫ Opera Browser Version9.60 Updatebeta1
Opera ≫ Opera Browser Version10.00 Updatealpha
Opera ≫ Opera Browser Version10.00 Updatebeta1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.32% | 0.549 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.