ID CVE-2005-4224
Summary Multiple "potential" SQL injection vulnerabilities in e107 0.7 might allow remote attackers to execute arbitrary SQL commands via (1) the email, hideemail, image, realname, signature, timezone, and xupexist parameters in signup.php, (2) the content_comment, content_rating, and content_summary parameters in subcontent.php, (3) the download_category and file_demo parameters in upload.php, and (4) the email, hideemail, user_timezone, and user_xup parameters in usersettings.php.
Vulnerable Configurations
  • cpe:2.3:a:e107:e107:0.7:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 19-10-2018 - 15:40)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bugtraq
  • 20051211 [PHP-CHECKER] 99 potential SQL injection vulnerabilities
  • 20051212 [PHP-CHECKER] 99 potential SQL injection vulnerabilities
misc http://glide.stanford.edu/yichen/research/sec.pdf
osvdb
  • 21657
  • 21658
  • 21659
  • 21660
secunia 18023
vupen ADV-2005-2861
Last major update 19-10-2018 - 15:40
Published 14-12-2005 - 11:03
Last modified 19-10-2018 - 15:40