CVE-2006-4757

Multiple SQL injection vulnerabilities in the admin section in e107 0.7.5 allow remote authenticated administrative users to execute arbitrary SQL commands via the (1) linkopentype, (2) linkrender, (3) link_class, and (4) link_id parameters in (a) links.php; the (5) searchquery parameter in (b) users.php; and the (6) download_category_class parameter in (c) download.php. NOTE: an e107 developer has disputed the significance of the vulnerability, stating that "If your admins are injecting you, you might want to reconsider their access."

CVSS v2.0 4.6 MEDIUM

4.6^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:H/Au:S/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector NETWORK

Access Complexity HIGH

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://e107.org/e107_plugins/bugtrack/bugtrack.php?id=3195&action=show
http://securityreason.com/securityalert/1569
http://www.securityfocus.com/archive/1/445005/100/100/threaded
http://e107.org/e107_plugins/bugtrack/bugtrack.php?id=3195&action=show
http://securityreason.com/securityalert/1569
http://www.securityfocus.com/archive/1/445005/100/100/threaded

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:e107:e107::::::::
	cpe:2.3:a:e107:e107:0.6_10:::::::*
	cpe:2.3:a:e107:e107:0.6_11:::::::*
	cpe:2.3:a:e107:e107:0.6_12:::::::*
	cpe:2.3:a:e107:e107:0.6_13:::::::*
	cpe:2.3:a:e107:e107:0.6_14:::::::*
	cpe:2.3:a:e107:e107:0.6_15:::::::*
	cpe:2.3:a:e107:e107:0.6_15a:::::::*
	cpe:2.3:a:e107:e107:0.7:::::::*
	cpe:2.3:a:e107:e107:0.7.1:::::::*
	cpe:2.3:a:e107:e107:0.7.2:::::::*
	cpe:2.3:a:e107:e107:0.7.3:::::::*
	cpe:2.3:a:e107:e107:0.7.4:::::::*
	cpe:2.3:a:e107:e107:0.545:::::::*
	cpe:2.3:a:e107:e107:0.547_beta:::::::*
	cpe:2.3:a:e107:e107:0.548_beta:::::::*
	cpe:2.3:a:e107:e107:0.549_beta:::::::*
	cpe:2.3:a:e107:e107:0.551_beta:::::::*
	cpe:2.3:a:e107:e107:0.552_beta:::::::*
	cpe:2.3:a:e107:e107:0.553_beta:::::::*
	cpe:2.3:a:e107:e107:0.554:::::::*
	cpe:2.3:a:e107:e107:0.554_beta:::::::*
	cpe:2.3:a:e107:e107:0.555_beta:::::::*
	cpe:2.3:a:e107:e107:0.600:::::::*
	cpe:2.3:a:e107:e107:0.601:::::::*
	cpe:2.3:a:e107:e107:0.602:::::::*
	cpe:2.3:a:e107:e107:0.603:::::::*
	cpe:2.3:a:e107:e107:0.604:::::::*
	cpe:2.3:a:e107:e107:0.605:::::::*
	cpe:2.3:a:e107:e107:0.606:::::::*
	cpe:2.3:a:e107:e107:0.607:::::::*
	cpe:2.3:a:e107:e107:0.608:::::::*
	cpe:2.3:a:e107:e107:0.609:::::::*
	cpe:2.3:a:e107:e107:0.610:::::::*
	cpe:2.3:a:e107:e107:0.611:::::::*
	cpe:2.3:a:e107:e107:0.612:::::::*
	cpe:2.3:a:e107:e107:0.613:::::::*
	cpe:2.3:a:e107:e107:0.614:::::::*
	cpe:2.3:a:e107:e107:0.615:::::::*
	cpe:2.3:a:e107:e107:0.615a:::::::*
	cpe:2.3:a:e107:e107:0.616:::::::*
	cpe:2.3:a:e107:e107:0.617:::::::*
	cpe:2.3:a:e107:e107:0.6171:::::::*
	cpe:2.3:a:e107:e107:0.6172:::::::*
	cpe:2.3:a:e107:e107:0.6173:::::::*
	cpe:2.3:a:e107:e107:0.6174:::::::*
	cpe:2.3:a:e107:e107:0.6175:::::::*

History

21 Nov 2024, 00:16

Type	Values Removed	Values Added
References	~~() http://e107.org/e107_plugins/bugtrack/bugtrack.php?id=3195&action=show -~~	() http://e107.org/e107_plugins/bugtrack/bugtrack.php?id=3195&action=show -
References	~~() http://securityreason.com/securityalert/1569 -~~	() http://securityreason.com/securityalert/1569 -
References	~~() http://www.securityfocus.com/archive/1/445005/100/100/threaded -~~	() http://www.securityfocus.com/archive/1/445005/100/100/threaded -

Information

Published : 2006-09-13 23:07

Updated : 2024-11-21 00:16

NVD link : CVE-2006-4757

Mitre link : CVE-2006-4757

CVE.ORG link : CVE-2006-4757

JSON object : View

Products Affected

e107

e107

CWE

NVD-CWE-Other

4.6 /10