Vulnerabilities > CVE-2006-4548 - Remote Security vulnerability in e107

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

e107

NVD

Published: 2006-09-06

Updated: 2018-10-17

Summary

e107 0.75 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code via the tinyMCE_imglib_include image/jpeg parameter in e107_handlers/tiny_mce/plugins/ibrowser/ibrowser.php, as demonstrated by a multipart/form-data request. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in e107.

Vulnerable Configurations

Part	Description	Count
Application	E107 E107 E107 0.7 E107 E107 0.7.1 E107 E107 0.7.2 E107 E107 0.7.3 E107 E107 0.7.4 E107 E107 0.7.5	6

Summary

Vulnerable Configurations

References