Vulnerabilities > CVE-2005-4224 - SQL-Injection vulnerability in E107 0.7

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

e107

NVD

Published: 2005-12-14

Updated: 2018-10-19

Summary

Multiple "potential" SQL injection vulnerabilities in e107 0.7 might allow remote attackers to execute arbitrary SQL commands via (1) the email, hideemail, image, realname, signature, timezone, and xupexist parameters in signup.php, (2) the content_comment, content_rating, and content_summary parameters in subcontent.php, (3) the download_category and file_demo in upload.php, and (4) the email, hideemail, user_timezone, and user_xup parameters in usersettings.php.

Vulnerable Configurations

Part	Description	Count
Application	E107 E107 E107 0.7	1

References

http://glide.stanford.edu/yichen/research/sec.pdf
http://secunia.com/advisories/18023/
http://www.osvdb.org/21657
http://www.osvdb.org/21658
http://www.osvdb.org/21659
http://www.osvdb.org/21660
http://www.securityfocus.com/archive/1/419280/100/0/threaded
http://www.securityfocus.com/archive/1/419487/100/0/threaded
http://www.vupen.com/english/advisories/2005/2861