Static code injection vulnerability in install_.php in e107 CMS 0.7.24 and probably earlier versions, when the installation script is not removed, allows remote attackers to inject arbitrary PHP code into e107_config.php via a crafted MySQL server name.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 01:26
Type | Values Removed | Values Added |
---|---|---|
References | () http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.8/install_.php?r1=11931&r2=12376&pathrev=12376 - Patch | |
References | () http://www.coresecurity.com/content/e107-cms-script-command-injection - Exploit, Patch | |
References | () http://www.securityfocus.com/bid/50339 - Exploit | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/70921 - |
Information
Published : 2011-11-04 21:55
Updated : 2024-11-21 01:26
NVD link : CVE-2011-1513
Mitre link : CVE-2011-1513
CVE.ORG link : CVE-2011-1513
JSON object : View
Products Affected
e107
- e107
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')