Vulnerability   
Search   
    Search 202850 CVE descriptions
and 87302 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.56758
Category:CGI abuses
Title:E107 SQL Injection Vulnerability
Summary:NOSUMMARY
Description:Description:

The remote host, according to the version number, has a vulnerable
version of e107 web content management software installed.

The flaw allows attackers to perform SQL injection attacks via
cookies that are insufficiently sanitized, allowing easy access
to administrative functions.

Versions up to and including 0.7.2 are vulnerable.

Solution : Upgrade to a later version.
http://e107.org

Risk factor : High

CVSS Score:
5.1

Cross-Ref: BugTraq ID: 17966
Common Vulnerability Exposure (CVE) ID: CVE-2006-2416
http://www.securityfocus.com/bid/17966
Bugtraq: 20060513 SQL-Injection in e107 allows attacker to become a site admininstrator (Google Search)
http://www.securityfocus.com/archive/1/433938/100/0/threaded
http://www.osvdb.org/25521
http://secunia.com/advisories/20089
http://securityreason.com/securityalert/905
http://www.vupen.com/english/advisories/2006/1802
XForce ISS Database: e107-cookie-sql-injection(26434)
https://exchange.xforce.ibmcloud.com/vulnerabilities/26434
CopyrightCopyright (c) 2006 E-Soft Inc. http://www.securityspace.com

This is only one of 87302 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.