|Title:||E107 SQL Injection Vulnerability|
The remote host, according to the version number, has a vulnerable
version of e107 web content management software installed.
The flaw allows attackers to perform SQL injection attacks via
cookies that are insufficiently sanitized, allowing easy access
to administrative functions.
Versions up to and including 0.7.2 are vulnerable.
Solution : Upgrade to a later version.
Risk factor : High
BugTraq ID: 17966|
Common Vulnerability Exposure (CVE) ID: CVE-2006-2416
Bugtraq: 20060513 SQL-Injection in e107 allows attacker to become a site admininstrator (Google Search)
XForce ISS Database: e107-cookie-sql-injection(26434)
|Copyright||Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com|
|This is only one of 87302 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.