Static code injection vulnerability in install_.php in e107 CMS 0.7.24 and probably earlier versions, when the installation script is not removed, allows remote attackers to inject arbitrary PHP code into e107_config.php via a crafted MySQL server name.
References
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2011-11-04 21:55
Updated : 2024-02-28 11:41
NVD link : CVE-2011-1513
Mitre link : CVE-2011-1513
CVE.ORG link : CVE-2011-1513
JSON object : View
Products Affected
e107
- e107
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')