Multiple SQL injection vulnerabilities in the admin section in e107 0.7.5 allow remote authenticated administrative users to execute arbitrary SQL commands via the (1) linkopentype, (2) linkrender, (3) link_class, and (4) link_id parameters in (a) links.php; the (5) searchquery parameter in (b) users.php; and the (6) download_category_class parameter in (c) download.php. NOTE: an e107 developer has disputed the significance of the vulnerability, stating that "If your admins are injecting you, you might want to reconsider their access."
References
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2006-09-13 23:07
Updated : 2024-02-28 10:42
NVD link : CVE-2006-4757
Mitre link : CVE-2006-4757
CVE.ORG link : CVE-2006-4757
JSON object : View
Products Affected
e107
- e107
CWE