Multiple SQL injection vulnerabilities in the admin section in e107 0.7.5 allow remote authenticated administrative users to execute arbitrary SQL commands via the (1) linkopentype, (2) linkrender, (3) link_class, and (4) link_id parameters in (a) links.php; the (5) searchquery parameter in (b) users.php; and the (6) download_category_class parameter in (c) download.php. NOTE: an e107 developer has disputed the significance of the vulnerability, stating that "If your admins are injecting you, you might want to reconsider their access."
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 00:16
Type | Values Removed | Values Added |
---|---|---|
References | () http://e107.org/e107_plugins/bugtrack/bugtrack.php?id=3195&action=show - | |
References | () http://securityreason.com/securityalert/1569 - | |
References | () http://www.securityfocus.com/archive/1/445005/100/100/threaded - |
Information
Published : 2006-09-13 23:07
Updated : 2024-11-21 00:16
NVD link : CVE-2006-4757
Mitre link : CVE-2006-4757
CVE.ORG link : CVE-2006-4757
JSON object : View
Products Affected
e107
- e107
CWE