ID CVE-2006-4757
Summary Multiple SQL injection vulnerabilities in the admin section in e107 0.7.5 allow remote authenticated administrative users to execute arbitrary SQL commands via the (1) linkopentype, (2) linkrender, (3) link_class, and (4) link_id parameters in (a) links.php; the (5) searchquery parameter in (b) users.php; and the (6) download_category_class parameter in (c) download.php. NOTE: an e107 developer has disputed the significance of the vulnerability, stating that "If your admins are injecting you, you might want to reconsider their access." Successful exploitation requires that the attacker have Administrative rights.
References
Vulnerable Configurations
  • cpe:2.3:a:e107:e107:0.6_10:*:*:*:*:*:*:*
    cpe:2.3:a:e107:e107:0.6_10:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.6_11:*:*:*:*:*:*:*
    cpe:2.3:a:e107:e107:0.6_11:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.6_12:*:*:*:*:*:*:*
    cpe:2.3:a:e107:e107:0.6_12:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.6_13:*:*:*:*:*:*:*
    cpe:2.3:a:e107:e107:0.6_13:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.6_14:*:*:*:*:*:*:*
    cpe:2.3:a:e107:e107:0.6_14:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.6_15:*:*:*:*:*:*:*
    cpe:2.3:a:e107:e107:0.6_15:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.6_15a:*:*:*:*:*:*:*
    cpe:2.3:a:e107:e107:0.6_15a:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.7:*:*:*:*:*:*:*
    cpe:2.3:a:e107:e107:0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:e107:e107:0.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.7.2:*:*:*:*:*:*:*
    cpe:2.3:a:e107:e107:0.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.7.3:*:*:*:*:*:*:*
    cpe:2.3:a:e107:e107:0.7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.7.4:*:*:*:*:*:*:*
    cpe:2.3:a:e107:e107:0.7.4:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:-:*:*:*:*:*:*:*
    cpe:2.3:a:e107:e107:-:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:e107:e107:0.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.7.5:*:*:*:*:*:*:*
    cpe:2.3:a:e107:e107:0.7.5:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.545:*:*:*:*:*:*:*
    cpe:2.3:a:e107:e107:0.545:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.547_beta:*:*:*:*:*:*:*
    cpe:2.3:a:e107:e107:0.547_beta:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.548_beta:*:*:*:*:*:*:*
    cpe:2.3:a:e107:e107:0.548_beta:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.549_beta:*:*:*:*:*:*:*
    cpe:2.3:a:e107:e107:0.549_beta:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.551_beta:*:*:*:*:*:*:*
    cpe:2.3:a:e107:e107:0.551_beta:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.552_beta:*:*:*:*:*:*:*
    cpe:2.3:a:e107:e107:0.552_beta:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.553_beta:*:*:*:*:*:*:*
    cpe:2.3:a:e107:e107:0.553_beta:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.554:*:*:*:*:*:*:*
    cpe:2.3:a:e107:e107:0.554:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.554_beta:*:*:*:*:*:*:*
    cpe:2.3:a:e107:e107:0.554_beta:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.555_beta:*:*:*:*:*:*:*
    cpe:2.3:a:e107:e107:0.555_beta:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.600:*:*:*:*:*:*:*
    cpe:2.3:a:e107:e107:0.600:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.601:*:*:*:*:*:*:*
    cpe:2.3:a:e107:e107:0.601:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.602:*:*:*:*:*:*:*
    cpe:2.3:a:e107:e107:0.602:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.603:*:*:*:*:*:*:*
    cpe:2.3:a:e107:e107:0.603:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.604:*:*:*:*:*:*:*
    cpe:2.3:a:e107:e107:0.604:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.605:*:*:*:*:*:*:*
    cpe:2.3:a:e107:e107:0.605:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.606:*:*:*:*:*:*:*
    cpe:2.3:a:e107:e107:0.606:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.607:*:*:*:*:*:*:*
    cpe:2.3:a:e107:e107:0.607:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.608:*:*:*:*:*:*:*
    cpe:2.3:a:e107:e107:0.608:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.609:*:*:*:*:*:*:*
    cpe:2.3:a:e107:e107:0.609:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.610:*:*:*:*:*:*:*
    cpe:2.3:a:e107:e107:0.610:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.611:*:*:*:*:*:*:*
    cpe:2.3:a:e107:e107:0.611:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.612:*:*:*:*:*:*:*
    cpe:2.3:a:e107:e107:0.612:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.613:*:*:*:*:*:*:*
    cpe:2.3:a:e107:e107:0.613:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.614:*:*:*:*:*:*:*
    cpe:2.3:a:e107:e107:0.614:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.615:*:*:*:*:*:*:*
    cpe:2.3:a:e107:e107:0.615:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.615a:*:*:*:*:*:*:*
    cpe:2.3:a:e107:e107:0.615a:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.616:*:*:*:*:*:*:*
    cpe:2.3:a:e107:e107:0.616:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.617:*:*:*:*:*:*:*
    cpe:2.3:a:e107:e107:0.617:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.6171:*:*:*:*:*:*:*
    cpe:2.3:a:e107:e107:0.6171:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.6172:*:*:*:*:*:*:*
    cpe:2.3:a:e107:e107:0.6172:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.6173:*:*:*:*:*:*:*
    cpe:2.3:a:e107:e107:0.6173:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.6174:*:*:*:*:*:*:*
    cpe:2.3:a:e107:e107:0.6174:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.6175:*:*:*:*:*:*:*
    cpe:2.3:a:e107:e107:0.6175:*:*:*:*:*:*:*
CVSS
Base: 4.6 (as of 17-10-2018 - 21:39)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH SINGLE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:H/Au:S/C:P/I:P/A:P
refmap via4
bugtraq 20060901 Sql injections in e107 [Admin section]
misc http://e107.org/e107_plugins/bugtrack/bugtrack.php?id=3195&action=show
sreason 1569
Last major update 17-10-2018 - 21:39
Published 13-09-2006 - 23:07
Last modified 17-10-2018 - 21:39
Back to Top