CVE-2005-4224

Multiple "potential" SQL injection vulnerabilities in e107 0.7 might allow remote attackers to execute arbitrary SQL commands via (1) the email, hideemail, image, realname, signature, timezone, and xupexist parameters in signup.php, (2) the content_comment, content_rating, and content_summary parameters in subcontent.php, (3) the download_category and file_demo in upload.php, and (4) the email, hideemail, user_timezone, and user_xup parameters in usersettings.php.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://glide.stanford.edu/yichen/research/sec.pdf
http://secunia.com/advisories/18023/	Vendor Advisory
http://www.osvdb.org/21657
http://www.osvdb.org/21658
http://www.osvdb.org/21659
http://www.osvdb.org/21660
http://www.securityfocus.com/archive/1/419280/100/0/threaded
http://www.securityfocus.com/archive/1/419487/100/0/threaded
http://www.vupen.com/english/advisories/2005/2861

Configurations

Configuration 1 (hide)

cpe:2.3:a:e107:e107:0.7:*:*:*:*:*:*:*

History

No history.

Information

Published : 2005-12-14 11:03

Updated : 2024-02-28 10:42

NVD link : CVE-2005-4224

Mitre link : CVE-2005-4224

CVE.ORG link : CVE-2005-4224

JSON object : View

Products Affected

e107

e107

CWE

NVD-CWE-Other

{"id": "CVE-2005-4224", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2005-12-14T11:03:00.000", "references": [{"url": "http://glide.stanford.edu/yichen/research/sec.pdf", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/18023/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/21657", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/21658", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/21659", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/21660", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/419280/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/419487/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2005/2861", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Multiple \"potential\" SQL injection vulnerabilities in e107 0.7 might allow remote attackers to execute arbitrary SQL commands via (1) the email, hideemail, image, realname, signature, timezone, and xupexist parameters in signup.php, (2) the content_comment, content_rating, and content_summary parameters in subcontent.php, (3) the download_category and file_demo in upload.php, and (4) the email, hideemail, user_timezone, and user_xup parameters in usersettings.php."}], "lastModified": "2018-10-19T15:40:37.347", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:e107:e107:0.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "70AB914E-D616-45D2-A451-1C247B8B6E4C"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}