All the vulnerabilities related to e107 - e107
cve-2005-2559
Vulnerability from cvelistv5
Published
2005-08-16 04:00
Modified
2024-08-07 22:30
Summary
doping.php in ePing plugin 1.02 and earlier for e107 portal allows remote attackers to execute arbitrary code or overwrite files via (1) shell metacharacters in the eping_count parameter or (2) restricted shell metacharacters such as ">" and "&" in the eping_host parameter, which is not handled by the validation function.
References
| URL | Tags |
|---|---|
| http://e107plugins.co.uk/news.php | x_refsource_CONFIRM |
| http://marc.info/?l=bugtraq&m=112328161319148&w=2 | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T22:30:01.164Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://e107plugins.co.uk/news.php" }, { "name": "20050805 Vulnerability in ePing and eTrace plugins of e107", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=112328161319148\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-08-05T00:00:00", "descriptions": [ { "lang": "en", "value": "doping.php in ePing plugin 1.02 and earlier for e107 portal allows remote attackers to execute arbitrary code or overwrite files via (1) shell metacharacters in the eping_count parameter or (2) restricted shell metacharacters such as \"\u003e\" and \"\u0026\" in the eping_host parameter, which is not handled by the validation function." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://e107plugins.co.uk/news.php" }, { "name": "20050805 Vulnerability in ePing and eTrace plugins of e107", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=112328161319148\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-2559", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "doping.php in ePing plugin 1.02 and earlier for e107 portal allows remote attackers to execute arbitrary code or overwrite files via (1) shell metacharacters in the eping_count parameter or (2) restricted shell metacharacters such as \"\u003e\" and \"\u0026\" in the eping_host parameter, which is not handled by the validation function." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://e107plugins.co.uk/news.php", "refsource": "CONFIRM", "url": "http://e107plugins.co.uk/news.php" }, { "name": "20050805 Vulnerability in ePing and eTrace plugins of e107", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=112328161319148\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-2559", "datePublished": "2005-08-16T04:00:00", "dateReserved": "2005-08-16T00:00:00", "dateUpdated": "2024-08-07T22:30:01.164Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-16388
Vulnerability from cvelistv5
Published
2018-09-12 16:00
Modified
2024-08-05 10:24
Summary
e107_web/js/plupload/upload.php in e107 2.1.8 allows remote attackers to execute arbitrary PHP code by uploading a .php filename with the image/jpeg content type.
References
| URL | Tags |
|---|---|
| https://gist.github.com/ommadawn46/5cb22e7c66cc32a5c7734a8064b4d3f5 | x_refsource_MISC |
| https://github.com/e107inc/e107/commit/e5bb5297f68e56537c004cdbb48a30892e9f6f4c | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T10:24:32.097Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://gist.github.com/ommadawn46/5cb22e7c66cc32a5c7734a8064b4d3f5" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/e107inc/e107/commit/e5bb5297f68e56537c004cdbb48a30892e9f6f4c" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-08-22T00:00:00", "descriptions": [ { "lang": "en", "value": "e107_web/js/plupload/upload.php in e107 2.1.8 allows remote attackers to execute arbitrary PHP code by uploading a .php filename with the image/jpeg content type." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-09-12T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://gist.github.com/ommadawn46/5cb22e7c66cc32a5c7734a8064b4d3f5" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/e107inc/e107/commit/e5bb5297f68e56537c004cdbb48a30892e9f6f4c" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-16388", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "e107_web/js/plupload/upload.php in e107 2.1.8 allows remote attackers to execute arbitrary PHP code by uploading a .php filename with the image/jpeg content type." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://gist.github.com/ommadawn46/5cb22e7c66cc32a5c7734a8064b4d3f5", "refsource": "MISC", "url": "https://gist.github.com/ommadawn46/5cb22e7c66cc32a5c7734a8064b4d3f5" }, { "name": "https://github.com/e107inc/e107/commit/e5bb5297f68e56537c004cdbb48a30892e9f6f4c", "refsource": "CONFIRM", "url": "https://github.com/e107inc/e107/commit/e5bb5297f68e56537c004cdbb48a30892e9f6f4c" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-16388", "datePublished": "2018-09-12T16:00:00", "dateReserved": "2018-09-02T00:00:00", "dateUpdated": "2024-08-05T10:24:32.097Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-1702
Vulnerability from cvelistv5
Published
2008-04-08 18:00
Modified
2024-08-07 08:32
Summary
Absolute path traversal vulnerability in dload.php in the my_gallery 2.3 plugin for e107 allows remote attackers to obtain sensitive information via a full pathname in the file parameter. NOTE: some of these details are obtained from third party information.
References
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/41433 | vdb-entry, x_refsource_XF |
| http://www.securityfocus.com/archive/1/490041/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| https://www.exploit-db.com/exploits/5308 | exploit, x_refsource_EXPLOIT-DB |
| http://secunia.com/advisories/29493 | third-party-advisory, x_refsource_SECUNIA |
| http://securityreason.com/securityalert/3801 | third-party-advisory, x_refsource_SREASON |
| http://www.securityfocus.com/bid/28440 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T08:32:01.269Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "mygallery-dload-file-download(41433)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41433" }, { "name": "20080325 e107 My_Gallery Plugin Arbitrary File Download Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/490041/100/0/threaded" }, { "name": "5308", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/5308" }, { "name": "29493", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29493" }, { "name": "3801", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/3801" }, { "name": "28440", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/28440" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-03-25T00:00:00", "descriptions": [ { "lang": "en", "value": "Absolute path traversal vulnerability in dload.php in the my_gallery 2.3 plugin for e107 allows remote attackers to obtain sensitive information via a full pathname in the file parameter. NOTE: some of these details are obtained from third party information." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "mygallery-dload-file-download(41433)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41433" }, { "name": "20080325 e107 My_Gallery Plugin Arbitrary File Download Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/490041/100/0/threaded" }, { "name": "5308", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/5308" }, { "name": "29493", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29493" }, { "name": "3801", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/3801" }, { "name": "28440", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/28440" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1702", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Absolute path traversal vulnerability in dload.php in the my_gallery 2.3 plugin for e107 allows remote attackers to obtain sensitive information via a full pathname in the file parameter. NOTE: some of these details are obtained from third party information." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "mygallery-dload-file-download(41433)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41433" }, { "name": "20080325 e107 My_Gallery Plugin Arbitrary File Download Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/490041/100/0/threaded" }, { "name": "5308", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/5308" }, { "name": "29493", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29493" }, { "name": "3801", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3801" }, { "name": "28440", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28440" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1702", "datePublished": "2008-04-08T18:00:00", "dateReserved": "2008-04-08T00:00:00", "dateUpdated": "2024-08-07T08:32:01.269Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-17081
Vulnerability from cvelistv5
Published
2018-09-26 21:00
Modified
2024-08-05 10:39
Summary
e107 2.1.9 allows CSRF via e107_admin/wmessage.php?mode=&action=inline&ajax_used=1&id= for changing the title of an arbitrary page.
References
| URL | Tags |
|---|---|
| https://github.com/himanshurahi/e107_2.1.9_CSRF_POC | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T10:39:59.560Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/himanshurahi/e107_2.1.9_CSRF_POC" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-09-22T00:00:00", "descriptions": [ { "lang": "en", "value": "e107 2.1.9 allows CSRF via e107_admin/wmessage.php?mode=\u0026action=inline\u0026ajax_used=1\u0026id= for changing the title of an arbitrary page." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-09-26T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/himanshurahi/e107_2.1.9_CSRF_POC" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-17081", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "e107 2.1.9 allows CSRF via e107_admin/wmessage.php?mode=\u0026action=inline\u0026ajax_used=1\u0026id= for changing the title of an arbitrary page." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/himanshurahi/e107_2.1.9_CSRF_POC", "refsource": "MISC", "url": "https://github.com/himanshurahi/e107_2.1.9_CSRF_POC" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-17081", "datePublished": "2018-09-26T21:00:00", "dateReserved": "2018-09-16T00:00:00", "dateUpdated": "2024-08-05T10:39:59.560Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-5786
Vulnerability from cvelistv5
Published
2006-11-07 23:00
Modified
2024-08-07 20:04
Summary
Directory traversal vulnerability in class2.php in e107 0.7.5 and earlier allows remote attackers to read and execute PHP code in arbitrary files via ".." sequences in the e107language_e107cookie cookie to gsitemap.php.
References
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/30030 | vdb-entry, x_refsource_XF |
| http://www.securityfocus.com/bid/20913 | vdb-entry, x_refsource_BID |
| https://www.exploit-db.com/exploits/2711 | exploit, x_refsource_EXPLOIT-DB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T20:04:55.494Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "e107-gsitemap-file-include(30030)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30030" }, { "name": "20913", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/20913" }, { "name": "2711", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/2711" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-11-04T00:00:00", "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in class2.php in e107 0.7.5 and earlier allows remote attackers to read and execute PHP code in arbitrary files via \"..\" sequences in the e107language_e107cookie cookie to gsitemap.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-18T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "e107-gsitemap-file-include(30030)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30030" }, { "name": "20913", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/20913" }, { "name": "2711", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/2711" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-5786", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Directory traversal vulnerability in class2.php in e107 0.7.5 and earlier allows remote attackers to read and execute PHP code in arbitrary files via \"..\" sequences in the e107language_e107cookie cookie to gsitemap.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "e107-gsitemap-file-include(30030)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30030" }, { "name": "20913", "refsource": "BID", "url": "http://www.securityfocus.com/bid/20913" }, { "name": "2711", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/2711" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-5786", "datePublished": "2006-11-07T23:00:00", "dateReserved": "2006-11-07T00:00:00", "dateUpdated": "2024-08-07T20:04:55.494Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-4947
Vulnerability from cvelistv5
Published
2012-08-31 22:00
Modified
2024-08-07 00:23
Summary
Cross-site request forgery (CSRF) vulnerability in e107_admin/users_extended.php in e107 before 0.7.26 allows remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences via the user_include parameter.
References
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2012/03/28/4 | mailing-list, x_refsource_MLIST |
| https://www.htbridge.com/advisory/multiple_vulnerabilities_in_e107_1.html | x_refsource_MISC |
| http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.7/e107_admin/users_extended.php?r1=12225&r2=12306 | x_refsource_CONFIRM |
| http://e107.org/svn_changelog.php?version=0.7.26 | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2012/03/29/3 | mailing-list, x_refsource_MLIST |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/68062 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:23:38.614Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20120328 CVE-request: e107 HTB23004", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/03/28/4" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.htbridge.com/advisory/multiple_vulnerabilities_in_e107_1.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.7/e107_admin/users_extended.php?r1=12225\u0026r2=12306" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://e107.org/svn_changelog.php?version=0.7.26" }, { "name": "[oss-security] 20120328 Re: CVE-request: e107 HTB23004", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/03/29/3" }, { "name": "e107-usersextended-xss(68062)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68062" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-06-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in e107_admin/users_extended.php in e107 before 0.7.26 allows remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences via the user_include parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "[oss-security] 20120328 CVE-request: e107 HTB23004", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/03/28/4" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.htbridge.com/advisory/multiple_vulnerabilities_in_e107_1.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.7/e107_admin/users_extended.php?r1=12225\u0026r2=12306" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://e107.org/svn_changelog.php?version=0.7.26" }, { "name": "[oss-security] 20120328 Re: CVE-request: e107 HTB23004", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/03/29/3" }, { "name": "e107-usersextended-xss(68062)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68062" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-4947", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site request forgery (CSRF) vulnerability in e107_admin/users_extended.php in e107 before 0.7.26 allows remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences via the user_include parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20120328 CVE-request: e107 HTB23004", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/03/28/4" }, { "name": "https://www.htbridge.com/advisory/multiple_vulnerabilities_in_e107_1.html", "refsource": "MISC", "url": "https://www.htbridge.com/advisory/multiple_vulnerabilities_in_e107_1.html" }, { "name": "http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.7/e107_admin/users_extended.php?r1=12225\u0026r2=12306", "refsource": "CONFIRM", "url": "http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.7/e107_admin/users_extended.php?r1=12225\u0026r2=12306" }, { "name": "http://e107.org/svn_changelog.php?version=0.7.26", "refsource": "CONFIRM", "url": "http://e107.org/svn_changelog.php?version=0.7.26" }, { "name": "[oss-security] 20120328 Re: CVE-request: e107 HTB23004", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/03/29/3" }, { "name": "e107-usersextended-xss(68062)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68062" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-4947", "datePublished": "2012-08-31T22:00:00", "dateReserved": "2011-12-23T00:00:00", "dateUpdated": "2024-08-07T00:23:38.614Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-1041
Vulnerability from cvelistv5
Published
2015-01-15 15:00
Modified
2024-08-06 04:33
Summary
Cross-site scripting (XSS) vulnerability in e107_admin/filemanager.php in e107 1.0.4 allows remote attackers to inject arbitrary web script or HTML via the e107_files/ file path in the QUERY_STRING.
References
| URL | Tags |
|---|---|
| http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2014-05.html | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/99898 | vdb-entry, x_refsource_XF |
| https://github.com/e107inc/e107v1/issues/2 | x_refsource_MISC |
| http://packetstormsecurity.com/files/129872/CMS-e107-1.0.4-Cross-Site-Scripting.html | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2015/01/11/6 | mailing-list, x_refsource_MLIST |
| http://www.securityfocus.com/bid/71977 | vdb-entry, x_refsource_BID |
| http://sroesemann.blogspot.de/2014/12/sroeadv-2014-05.html | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2015/Jan/18 | mailing-list, x_refsource_FULLDISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T04:33:19.334Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2014-05.html" }, { "name": "e107-filemanager-xss(99898)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99898" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/e107inc/e107v1/issues/2" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/129872/CMS-e107-1.0.4-Cross-Site-Scripting.html" }, { "name": "[oss-security] 20150111 Re: CVE Request -- CMS e107 v.1.0.4 -- Reflecting XSS vulnerability in filemanager functionality", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2015/01/11/6" }, { "name": "71977", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/71977" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://sroesemann.blogspot.de/2014/12/sroeadv-2014-05.html" }, { "name": "20150109 Reflecting XSS vulnerability in CMS e107 v. 1.0.4", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2015/Jan/18" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-01-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in e107_admin/filemanager.php in e107 1.0.4 allows remote attackers to inject arbitrary web script or HTML via the e107_files/ file path in the QUERY_STRING." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-07T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2014-05.html" }, { "name": "e107-filemanager-xss(99898)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99898" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/e107inc/e107v1/issues/2" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/129872/CMS-e107-1.0.4-Cross-Site-Scripting.html" }, { "name": "[oss-security] 20150111 Re: CVE Request -- CMS e107 v.1.0.4 -- Reflecting XSS vulnerability in filemanager functionality", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2015/01/11/6" }, { "name": "71977", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/71977" }, { "tags": [ "x_refsource_MISC" ], "url": "http://sroesemann.blogspot.de/2014/12/sroeadv-2014-05.html" },
{ "name": "20150109 Reflecting XSS vulnerability in CMS e107 v. 1.0.4", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2015/Jan/18" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-1041", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in e107_admin/filemanager.php in e107 1.0.4 allows remote attackers to inject arbitrary web script or HTML via the e107_files/ file path in the QUERY_STRING." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2014-05.html", "refsource": "MISC", "url": "http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2014-05.html" }, { "name": "e107-filemanager-xss(99898)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99898" }, { "name": "https://github.com/e107inc/e107v1/issues/2", "refsource": "MISC", "url": "https://github.com/e107inc/e107v1/issues/2" }, { "name": "http://packetstormsecurity.com/files/129872/CMS-e107-1.0.4-Cross-Site-Scripting.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/129872/CMS-e107-1.0.4-Cross-Site-Scripting.html" }, { "name": "[oss-security] 20150111 Re: CVE Request -- CMS e107 v.1.0.4 -- Reflecting XSS vulnerability in filemanager functionality", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/01/11/6" }, { "name": "71977", "refsource": "BID", "url": "http://www.securityfocus.com/bid/71977" }, { "name": "http://sroesemann.blogspot.de/2014/12/sroeadv-2014-05.html", "refsource": 
"MISC", "url": "http://sroesemann.blogspot.de/2014/12/sroeadv-2014-05.html" }, { "name": "20150109 Reflecting XSS vulnerability in CMS e107 v. 1.0.4", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2015/Jan/18" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-1041", "datePublished": "2015-01-15T15:00:00", "dateReserved": "2015-01-11T00:00:00", "dateUpdated": "2024-08-06T04:33:19.334Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-36121
Vulnerability from cvelistv5
Published
2023-08-01 00:00
Modified
2024-10-17 20:35
Summary
Cross Site Scripting vulnerability in e107 v.2.3.2 allows a remote attacker to execute arbitrary code via the description function in the SEO project.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:37:41.313Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.exploit-db.com/exploits/51449" }, { "tags": [ "x_transferred" ], "url": "https://github.com/Trinity-SYT-SECURITY/XSS_vuln_issue/blob/main/e107%20v2.3.2.md" }, { "tags": [ "x_transferred" ], "url": "https://www.chtsecurity.com/news/6c6675d4-3254-46ce-a16d-26523ff80540" }, { "tags": [ "x_transferred" ], "url": "https://www.chtsecurity.com/news/0a4743a5-491e-4685-95ee-df8316ab5284" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-36121", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-17T20:35:46.472044Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-17T20:35:54.819Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross Site Scripting vulnerability in e107 v.2.3.2 allows a remote attacker to execute arbitrary code via the description function in the SEO project." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-02T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://www.exploit-db.com/exploits/51449" }, { "url": "https://github.com/Trinity-SYT-SECURITY/XSS_vuln_issue/blob/main/e107%20v2.3.2.md" }, { "url": "https://www.chtsecurity.com/news/6c6675d4-3254-46ce-a16d-26523ff80540" }, { "url": "https://www.chtsecurity.com/news/0a4743a5-491e-4685-95ee-df8316ab5284" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-36121", "datePublished": "2023-08-01T00:00:00", "dateReserved": "2023-06-21T00:00:00", "dateUpdated": "2024-10-17T20:35:54.819Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-1057
Vulnerability from cvelistv5
Published
2015-01-16 15:00
Modified
2024-08-06 04:33
Summary
Cross-site scripting (XSS) vulnerability in usersettings.php in e107 2.0.0 allows remote attackers to inject arbitrary web script or HTML via the "Real Name" value.
References
| URL | Tags |
|---|---|
| http://osvdb.org/show/osvdb/116692 | vdb-entry, x_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/99627 | vdb-entry, x_refsource_XF |
| http://www.exploit-db.com/exploits/35679 | exploit, x_refsource_EXPLOIT-DB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T04:33:20.314Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "116692", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/show/osvdb/116692" }, { "name": "bootstrapcms-usersettings-xss(99627)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99627" }, { "name": "35679", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "http://www.exploit-db.com/exploits/35679" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in usersettings.php in e107 2.0.0 allows remote attackers to inject arbitrary web script or HTML via the \"Real Name\" value." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-07T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "116692", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/show/osvdb/116692" }, { "name": "bootstrapcms-usersettings-xss(99627)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99627" }, { "name": "35679", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "http://www.exploit-db.com/exploits/35679" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-1057", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in usersettings.php in e107 2.0.0 allows remote attackers to inject arbitrary web script or HTML via the \"Real Name\" value." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "116692", "refsource": "OSVDB", "url": "http://osvdb.org/show/osvdb/116692" }, { "name": "bootstrapcms-usersettings-xss(99627)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99627" }, { "name": "35679", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/35679" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-1057", "datePublished": "2015-01-16T15:00:00", "dateReserved": "2015-01-16T00:00:00", "dateUpdated": "2024-08-06T04:33:20.314Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2005-2327
Vulnerability from cvelistv5
Published
2005-07-20 04:00
Modified
2024-08-07 22:22
Summary
Cross-site scripting (XSS) vulnerability in e107 0.617 and earlier allows remote attackers to inject arbitrary web script or HTML via nested [url] BBCode tags.
References
| URL | Tags |
|---|---|
| http://securitytracker.com/id?1014513 | vdb-entry, x_refsource_SECTRACK |
| https://www.exploit-db.com/exploits/1106 | exploit, x_refsource_EXPLOIT-DB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T22:22:48.569Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1014513", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1014513" }, { "name": "1106", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/1106" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-07-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in e107 0.617 and earlier allows remote attackers to inject arbitrary web script or HTML via nested [url] BBCode tags." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-18T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1014513", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1014513" }, { "name": "1106", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/1106" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-2327", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in e107 0.617 and earlier allows remote attackers to inject arbitrary web script or HTML via nested [url] BBCode tags." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1014513", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1014513" }, { "name": "1106", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/1106" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-2327", "datePublished": "2005-07-20T04:00:00", "dateReserved": "2005-07-20T00:00:00", "dateUpdated": "2024-08-07T22:22:48.569Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2005-4052
Vulnerability from cvelistv5
Published
2005-12-07 11:00
Modified
2024-08-07 23:31
Summary
e107 0.6174 allows remote attackers to redirect users to other web sites via the download parameter in rate.php, which is used after a user submits a file download rating. NOTE: in the default installation, the e_BASE variable restricts the redirection to the same web site.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/418577/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| http://securityreason.com/securityalert/229 | third-party-advisory, x_refsource_SREASON |
| http://secunia.com/advisories/17890/ | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T23:31:48.986Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20051205 [scip_Advisory] e107 v0.6 rate.php manipulation", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/418577/100/0/threaded" }, { "name": "229", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/229" }, { "name": "17890", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17890/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-08-23T00:00:00", "descriptions": [ { "lang": "en", "value": "e107 0.6174 allows remote attackers to redirect users to other web sites via the download parameter in rate.php, which is used after a user submits a file download rating. NOTE: in the default installation, the e_BASE variable restricts the redirection to the same web site." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-19T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20051205 [scip_Advisory] e107 v0.6 rate.php manipulation", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/418577/100/0/threaded" }, { "name": "229", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/229" }, { "name": "17890", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17890/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-4052", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "e107 0.6174 allows remote attackers to redirect users to other web sites via the download parameter in rate.php, which is used after a user submits a file download rating. NOTE: in the default installation, the e_BASE variable restricts the redirection to the same web site." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20051205 [scip_Advisory] e107 v0.6 rate.php manipulation", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/418577/100/0/threaded" }, { "name": "229", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/229" }, { "name": "17890", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17890/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-4052", "datePublished": "2005-12-07T11:00:00", "dateReserved": "2005-12-07T00:00:00", "dateUpdated": "2024-08-07T23:31:48.986Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-5186
Vulnerability from cvelistv5
Published
2012-09-20 10:00
Modified
2024-09-16 18:34
Summary
Cross-site scripting (XSS) vulnerability in jbshop.php in the jbShop plugin for e107 7 allows remote attackers to inject arbitrary web script or HTML via the item_id parameter.
References
| URL | Tags |
|---|---|
| http://www.osvdb.org/83371 | vdb-entry, x_refsource_OSVDB |
| http://www.exploit-db.com/exploits/18056 | exploit, x_refsource_EXPLOIT-DB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:30:46.773Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "83371", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/83371" }, { "name": "18056", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "http://www.exploit-db.com/exploits/18056" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in jbshop.php in the jbShop plugin for e107 7 allows remote attackers to inject arbitrary web script or HTML via the item_id parameter." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-09-20T10:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "83371", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/83371" }, { "name": "18056", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "http://www.exploit-db.com/exploits/18056" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-5186", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in jbshop.php in the jbShop plugin for e107 7 allows remote attackers to inject arbitrary web script or HTML via the item_id parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "83371", "refsource": "OSVDB", "url": "http://www.osvdb.org/83371" }, { "name": "18056", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/18056" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-5186", "datePublished": "2012-09-20T10:00:00Z", "dateReserved": "2012-09-19T00:00:00Z", "dateUpdated": "2024-09-16T18:34:22.254Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-0457
Vulnerability from cvelistv5
Published
2011-03-15 17:00
Modified
2024-09-16 22:50
Summary
Cross-site scripting (XSS) vulnerability in e107 0.7.22 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| URL | Tags |
|---|---|
| http://e107.org/comment.php?comment.news.872 | x_refsource_MISC |
| http://jvn.jp/en/jp/JVN01635457/index.html | third-party-advisory, x_refsource_JVN |
| http://e107.org/svn_changelog.php?version=0.7.23 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:51:08.934Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://e107.org/comment.php?comment.news.872" }, { "name": "JVN#01635457", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/en/jp/JVN01635457/index.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://e107.org/svn_changelog.php?version=0.7.23" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in e107 0.7.22 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2011-03-15T17:00:00Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://e107.org/comment.php?comment.news.872" }, { "name": "JVN#01635457", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/en/jp/JVN01635457/index.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://e107.org/svn_changelog.php?version=0.7.23" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2011-0457", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability 
in e107 0.7.22 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://e107.org/comment.php?comment.news.872", "refsource": "MISC", "url": "http://e107.org/comment.php?comment.news.872" }, { "name": "JVN#01635457", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN01635457/index.html" }, { "name": "http://e107.org/svn_changelog.php?version=0.7.23", "refsource": "CONFIRM", "url": "http://e107.org/svn_changelog.php?version=0.7.23" } ] } } } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2011-0457", "datePublished": "2011-03-15T17:00:00Z", "dateReserved": "2011-01-14T00:00:00Z", "dateUpdated": "2024-09-16T22:50:48.041Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-0997
Vulnerability from cvelistv5
Published
2010-04-20 16:00
Modified
2024-08-07 01:06
Summary
Cross-site scripting (XSS) vulnerability in 107_plugins/content/content_manager.php in the Content Management plugin in e107 before 0.7.20, when the personal content manager is enabled, allows user-assisted remote authenticated users to inject arbitrary web script or HTML via the content_heading parameter.
References
| URL | Tags |
|---|---|
| http://e107.org/svn_changelog.php?version=0.7.20 | x_refsource_MISC |
| http://www.vupen.com/english/advisories/2010/0919 | vdb-entry, x_refsource_VUPEN |
| http://secunia.com/secunia_research/2010-43/ | x_refsource_MISC |
| http://www.securityfocus.com/bid/39539 | vdb-entry, x_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/57933 | vdb-entry, x_refsource_XF |
| http://e107.org/comment.php?comment.news.864 | x_refsource_CONFIRM |
| http://www.securityfocus.com/archive/1/510809/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| http://secunia.com/advisories/39013 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T01:06:52.534Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://e107.org/svn_changelog.php?version=0.7.20" }, { "name": "ADV-2010-0919", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0919" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://secunia.com/secunia_research/2010-43/" }, { "name": "39539", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/39539" }, { "name": "e107-contentmanager-xss(57933)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57933" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://e107.org/comment.php?comment.news.864" }, { "name": "20100419 Secunia Research: e107 Content Management Plugin Script Insertion Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/510809/100/0/threaded" }, { "name": "39013", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/39013" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-04-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in 107_plugins/content/content_manager.php in the Content Management plugin in e107 before 0.7.20, when the personal content manager is enabled, allows user-assisted remote authenticated users to inject arbitrary web script or HTML via the content_heading parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-10T18:57:01", "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "shortName": "flexera" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://e107.org/svn_changelog.php?version=0.7.20" }, { "name": "ADV-2010-0919", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0919" }, { "tags": [ "x_refsource_MISC" ], "url": "http://secunia.com/secunia_research/2010-43/" }, { "name": "39539", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/39539" }, { "name": "e107-contentmanager-xss(57933)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57933" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://e107.org/comment.php?comment.news.864" }, { "name": "20100419 Secunia Research: e107 Content Management Plugin Script Insertion Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/510809/100/0/threaded" }, { "name": "39013", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/39013" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", "ID": "CVE-2010-0997", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in 107_plugins/content/content_manager.php in the Content Management plugin in e107 before 0.7.20, when the personal content manager is enabled, allows user-assisted remote authenticated users to 
inject arbitrary web script or HTML via the content_heading parameter." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://e107.org/svn_changelog.php?version=0.7.20", "refsource": "MISC", "url": "http://e107.org/svn_changelog.php?version=0.7.20" }, { "name": "ADV-2010-0919", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0919" }, { "name": "http://secunia.com/secunia_research/2010-43/", "refsource": "MISC", "url": "http://secunia.com/secunia_research/2010-43/" }, { "name": "39539", "refsource": "BID", "url": "http://www.securityfocus.com/bid/39539" }, { "name": "e107-contentmanager-xss(57933)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57933" }, { "name": "http://e107.org/comment.php?comment.news.864", "refsource": "CONFIRM", "url": "http://e107.org/comment.php?comment.news.864" }, { "name": "20100419 Secunia Research: e107 Content Management Plugin Script Insertion Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/510809/100/0/threaded" }, { "name": "39013", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/39013" } ] } } } }, "cveMetadata": { "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "assignerShortName": "flexera", "cveId": "CVE-2010-0997", "datePublished": "2010-04-20T16:00:00", "dateReserved": "2010-03-18T00:00:00", "dateUpdated": "2024-08-07T01:06:52.534Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-2020
Vulnerability from cvelistv5
Published
2008-04-30 01:00
Modified
2024-08-07 08:41
Summary
The CAPTCHA implementation as used in (1) Francisco Burzi PHP-Nuke 7.0 and 8.1, (2) my123tkShop e-Commerce-Suite (aka 123tkShop) 0.9.1, (3) phpMyBitTorrent 1.2.2, (4) TorrentFlux 2.3, (5) e107 0.7.11, (6) WebZE 0.5.9, (7) Open Media Collectors Database (aka OpenDb) 1.5.0b4, and (8) Labgab 1.1 uses a code_bg.jpg background image and the PHP ImageString function in a way that produces an insufficient number of different images, which allows remote attackers to pass the CAPTCHA test via an automated attack using a table of all possible image checksums and their corresponding digit strings.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/491127/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| http://securityreason.com/securityalert/3834 | third-party-advisory, x_refsource_SREASON |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/42152 | vdb-entry, x_refsource_XF |
| http://www.securityfocus.com/bid/28877 | vdb-entry, x_refsource_BID |
| http://www.rooksecurity.com/blog/?p=6 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T08:41:00.253Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20080419 Deciphering the PHP-Nuke Capthca", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/491127/100/0/threaded" }, { "name": "3834", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/3834" }, { "name": "captcha-imagestring-codebg-weak-security(42152)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42152" }, { "name": "28877", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/28877" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.rooksecurity.com/blog/?p=6" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-04-19T00:00:00", "descriptions": [ { "lang": "en", "value": "The CAPTCHA implementation as used in (1) Francisco Burzi PHP-Nuke 7.0 and 8.1, (2) my123tkShop e-Commerce-Suite (aka 123tkShop) 0.9.1, (3) phpMyBitTorrent 1.2.2, (4) TorrentFlux 2.3, (5) e107 0.7.11, (6) WebZE 0.5.9, (7) Open Media Collectors Database (aka OpenDb) 1.5.0b4, and (8) Labgab 1.1 uses a code_bg.jpg background image and the PHP ImageString function in a way that produces an insufficient number of different images, which allows remote attackers to pass the CAPTCHA test via an automated attack using a table of all possible image checksums and their corresponding digit strings." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20080419 Deciphering the PHP-Nuke Capthca", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/491127/100/0/threaded" }, { "name": "3834", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/3834" }, { "name": "captcha-imagestring-codebg-weak-security(42152)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42152" }, { "name": "28877", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/28877" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.rooksecurity.com/blog/?p=6" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-2020", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The CAPTCHA implementation as used in (1) Francisco Burzi PHP-Nuke 7.0 and 8.1, (2) my123tkShop e-Commerce-Suite (aka 123tkShop) 0.9.1, (3) phpMyBitTorrent 1.2.2, (4) TorrentFlux 2.3, (5) e107 0.7.11, (6) WebZE 0.5.9, (7) Open Media Collectors Database (aka OpenDb) 1.5.0b4, and (8) Labgab 1.1 uses a code_bg.jpg background image and the PHP ImageString function in a way that produces an insufficient number of different images, which allows remote attackers to pass the CAPTCHA test via an automated attack using a table of all possible image checksums and their corresponding digit strings." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20080419 Deciphering the PHP-Nuke Capthca", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/491127/100/0/threaded" }, { "name": "3834", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3834" }, { "name": "captcha-imagestring-codebg-weak-security(42152)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42152" }, { "name": "28877", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28877" }, { "name": "http://www.rooksecurity.com/blog/?p=6", "refsource": "MISC", "url": "http://www.rooksecurity.com/blog/?p=6" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-2020", "datePublished": "2008-04-30T01:00:00", "dateReserved": "2008-04-29T00:00:00", "dateUpdated": "2024-08-07T08:41:00.253Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-4786
Vulnerability from cvelistv5
Published
2008-10-29 14:00
Modified
2024-08-07 10:31
Summary
SQL injection vulnerability in easyshop.php in the EasyShop plugin for e107 allows remote attackers to execute arbitrary SQL commands via the category_id parameter.
References
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/46147 | vdb-entry, x_refsource_XF |
| http://www.securityfocus.com/bid/31948 | vdb-entry, x_refsource_BID |
| http://securityreason.com/securityalert/4531 | third-party-advisory, x_refsource_SREASON |
| https://www.exploit-db.com/exploits/6852 | exploit, x_refsource_EXPLOIT-DB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T10:31:27.345Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "easyshop-easyshop-sql-injection(46147)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46147" }, { "name": "31948", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/31948" }, { "name": "4531", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/4531" }, { "name": "6852", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/6852" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-10-27T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in easyshop.php in the EasyShop plugin for e107 allows remote attackers to execute arbitrary SQL commands via the category_id parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "easyshop-easyshop-sql-injection(46147)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46147" }, { "name": "31948", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/31948" }, { "name": "4531", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/4531" }, { "name": "6852", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/6852" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-4786", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in easyshop.php in the EasyShop plugin for e107 allows remote attackers to execute arbitrary SQL commands via the category_id parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "easyshop-easyshop-sql-injection(46147)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46147" }, { "name": "31948", "refsource": "BID", "url": "http://www.securityfocus.com/bid/31948" }, { "name": "4531", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/4531" }, { "name": "6852", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/6852" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-4786", "datePublished": "2008-10-29T14:00:00", "dateReserved": "2008-10-29T00:00:00", "dateUpdated": "2024-08-07T10:31:27.345Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-16381
Vulnerability from cvelistv5
Published
2018-09-05 21:00
Modified
2024-08-05 10:24
Summary
e107 2.1.8 has XSS via the e107_admin/users.php?mode=main&action=list user_loginname parameter.
References
| URL | Tags |
|---|---|
| https://github.com/dhananjay-bajaj/E107-v2.1.8-XSS-POC | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T10:24:32.204Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/dhananjay-bajaj/E107-v2.1.8-XSS-POC" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-09-03T00:00:00", "descriptions": [ { "lang": "en", "value": "e107 2.1.8 has XSS via the e107_admin/users.php?mode=main\u0026action=list user_loginname parameter." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-09-05T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/dhananjay-bajaj/E107-v2.1.8-XSS-POC" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-16381", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "e107 2.1.8 has XSS via the e107_admin/users.php?mode=main\u0026action=list user_loginname parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/dhananjay-bajaj/E107-v2.1.8-XSS-POC", "refsource": "MISC", "url": "https://github.com/dhananjay-bajaj/E107-v2.1.8-XSS-POC" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-16381", "datePublished": "2018-09-05T21:00:00", "dateReserved": "2018-09-02T00:00:00", "dateUpdated": "2024-08-05T10:24:32.204Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-4083
Vulnerability from cvelistv5
Published
2009-11-27 20:45
Modified
2024-08-07 06:54
Summary
Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.16 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) submitnews.php, (2) usersettings.php; and (3) newpost.php, (4) banlist.php, (5) banner.php, (6) cpage.php, (7) download.php, (8) users_extended.php, (9) frontpage.php, (10) links.php, and (11) mailout.php in e107_admin/. NOTE: this may overlap CVE-2004-2040 and CVE-2006-4794, but there are insufficient details to be certain.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/508007/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| http://blog.bkis.com/e107-multiple-vulnerabilities/ | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/54372 | vdb-entry, x_refsource_XF |
| http://www.securityfocus.com/bid/37087 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T06:54:10.116Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20091123 [Bkis-13-2009] e107 Multiple Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/508007/100/0/threaded" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://blog.bkis.com/e107-multiple-vulnerabilities/" }, { "name": "e107-multiple-unspecified-xss(54372)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54372" }, { "name": "37087", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/37087" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-11-23T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.16 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) submitnews.php, (2) usersettings.php; and (3) newpost.php, (4) banlist.php, (5) banner.php, (6) cpage.php, (7) download.php, (8) users_extended.php, (9) frontpage.php, (10) links.php, and (11) mailout.php in e107_admin/. NOTE: this may overlap CVE-2004-2040 and CVE-2006-4794, but there are insufficient details to be certain." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-10T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20091123 [Bkis-13-2009] e107 Multiple Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/508007/100/0/threaded" }, { "tags": [ "x_refsource_MISC" ], "url": "http://blog.bkis.com/e107-multiple-vulnerabilities/" }, { "name": "e107-multiple-unspecified-xss(54372)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54372" }, { "name": "37087", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/37087" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-4083", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.16 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) submitnews.php, (2) usersettings.php; and (3) newpost.php, (4) banlist.php, (5) banner.php, (6) cpage.php, (7) download.php, (8) users_extended.php, (9) frontpage.php, (10) links.php, and (11) mailout.php in e107_admin/. NOTE: this may overlap CVE-2004-2040 and CVE-2006-4794, but there are insufficient details to be certain." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20091123 [Bkis-13-2009] e107 Multiple Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/508007/100/0/threaded" }, { "name": "http://blog.bkis.com/e107-multiple-vulnerabilities/", "refsource": "MISC", "url": "http://blog.bkis.com/e107-multiple-vulnerabilities/" }, { "name": "e107-multiple-unspecified-xss(54372)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54372" }, { "name": "37087", "refsource": "BID", "url": "http://www.securityfocus.com/bid/37087" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-4083", "datePublished": "2009-11-27T20:45:00", "dateReserved": "2009-11-27T00:00:00", "dateUpdated": "2024-08-07T06:54:10.116Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-2099
Vulnerability from cvelistv5
Published
2010-05-27 22:00
Modified
2024-09-17 04:19
Summary
bbcode/php.bb in e107 0.7.20 and earlier does not perform access control checks for all inputs that could contain the php bbcode tag, which allows remote attackers to execute arbitrary PHP code, as demonstrated using the toEmail method in contact.php, related to invocations of the toHTML method.
References
| URL | Tags |
|---|---|
| http://php-security.org/2010/05/19/mops-2010-035-e107-bbcode-remote-php-code-execution-vulnerability/index.html | x_refsource_MISC |
| http://www.securityfocus.com/bid/40252 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T02:25:05.819Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://php-security.org/2010/05/19/mops-2010-035-e107-bbcode-remote-php-code-execution-vulnerability/index.html" }, { "name": "40252", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/40252" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "bbcode/php.bb in e107 0.7.20 and earlier does not perform access control checks for all inputs that could contain the php bbcode tag, which allows remote attackers to execute arbitrary PHP code, as demonstrated using the toEmail method in contact.php, related to invocations of the toHTML method." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2010-05-27T22:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://php-security.org/2010/05/19/mops-2010-035-e107-bbcode-remote-php-code-execution-vulnerability/index.html" }, { "name": "40252", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/40252" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-2099", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "bbcode/php.bb in e107 0.7.20 
and earlier does not perform access control checks for all inputs that could contain the php bbcode tag, which allows remote attackers to execute arbitrary PHP code, as demonstrated using the toEmail method in contact.php, related to invocations of the toHTML method." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://php-security.org/2010/05/19/mops-2010-035-e107-bbcode-remote-php-code-execution-vulnerability/index.html", "refsource": "MISC", "url": "http://php-security.org/2010/05/19/mops-2010-035-e107-bbcode-remote-php-code-execution-vulnerability/index.html" }, { "name": "40252", "refsource": "BID", "url": "http://www.securityfocus.com/bid/40252" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-2099", "datePublished": "2010-05-27T22:00:00Z", "dateReserved": "2010-05-27T00:00:00Z", "dateUpdated": "2024-09-17T04:19:20.144Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-9459
Vulnerability from cvelistv5
Published
2015-01-02 20:00
Modified
2024-08-06 13:47
Summary
Cross-site request forgery (CSRF) vulnerability in the AdminObserver function in e107_admin/users.php in e107 2.0 alpha2 allows remote attackers to hijack the authentication of administrators for requests that add users to the administrator group via the id parameter in an admin action.
References
| URL | Tags |
|---|---|
| http://sroesemann.blogspot.de/2014/12/sroeadv-2014-04.html | x_refsource_MISC |
| http://packetstormsecurity.com/files/129751/e107-2.0-Alpha2-Cross-Site-Request-Forgery.html | x_refsource_MISC |
| https://github.com/e107inc/e107/commit/9249f892b1e635979db2a830393694fb73531080 | x_refsource_CONFIRM |
| http://seclists.org/fulldisclosure/2014/Dec/124 | mailing-list, x_refsource_FULLDISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T13:47:40.873Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://sroesemann.blogspot.de/2014/12/sroeadv-2014-04.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/129751/e107-2.0-Alpha2-Cross-Site-Request-Forgery.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/e107inc/e107/commit/9249f892b1e635979db2a830393694fb73531080" }, { "name": "20141229 CSRF vulnerability in CMS e107 v.2 alpha2", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2014/Dec/124" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-12-28T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in the AdminObserver function in e107_admin/users.php in e107 2.0 alpha2 allows remote attackers to hijack the authentication of administrators for requests that add users to the administrator group via the id parameter in an admin action." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2015-01-10T18:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://sroesemann.blogspot.de/2014/12/sroeadv-2014-04.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/129751/e107-2.0-Alpha2-Cross-Site-Request-Forgery.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/e107inc/e107/commit/9249f892b1e635979db2a830393694fb73531080" }, { "name": "20141229 CSRF vulnerability in CMS e107 v.2 alpha2", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2014/Dec/124" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-9459", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site request forgery (CSRF) vulnerability in the AdminObserver function in e107_admin/users.php in e107 2.0 alpha2 allows remote attackers to hijack the authentication of administrators for requests that add users to the administrator group via the id parameter in an admin action." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://sroesemann.blogspot.de/2014/12/sroeadv-2014-04.html", "refsource": "MISC", "url": "http://sroesemann.blogspot.de/2014/12/sroeadv-2014-04.html" }, { "name": "http://packetstormsecurity.com/files/129751/e107-2.0-Alpha2-Cross-Site-Request-Forgery.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/129751/e107-2.0-Alpha2-Cross-Site-Request-Forgery.html" }, { "name": "https://github.com/e107inc/e107/commit/9249f892b1e635979db2a830393694fb73531080", "refsource": "CONFIRM", "url": "https://github.com/e107inc/e107/commit/9249f892b1e635979db2a830393694fb73531080" }, { "name": "20141229 CSRF vulnerability in CMS e107 v.2 alpha2", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2014/Dec/124" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-9459", "datePublished": "2015-01-02T20:00:00", "dateReserved": "2015-01-02T00:00:00", "dateUpdated": "2024-08-06T13:47:40.873Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-0682
Vulnerability from cvelistv5
Published
2006-02-15 00:00
Modified
2024-08-07 16:41
Summary
Multiple cross-site scripting (XSS) vulnerabilities in bbcodes system in e107 before 0.7.2 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/16614 | vdb-entry, x_refsource_BID |
| http://e107.org/comment.php?comment.news.776 | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2006/0540 | vdb-entry, x_refsource_VUPEN |
| http://secunia.com/advisories/18816 | third-party-advisory, x_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/24625 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T16:41:29.158Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "16614", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/16614" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://e107.org/comment.php?comment.news.776" }, { "name": "ADV-2006-0540", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/0540" }, { "name": "18816", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18816" }, { "name": "e107-bbcode-xss(24625)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24625" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-02-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in bbcodes system in e107 before 0.7.2 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "16614", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/16614" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://e107.org/comment.php?comment.news.776" }, { "name": "ADV-2006-0540", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/0540" }, { "name": "18816", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18816" }, { "name": "e107-bbcode-xss(24625)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24625" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-0682", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in bbcodes system in e107 before 0.7.2 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "16614", "refsource": "BID", "url": "http://www.securityfocus.com/bid/16614" }, { "name": "http://e107.org/comment.php?comment.news.776", "refsource": "CONFIRM", "url": "http://e107.org/comment.php?comment.news.776" }, { "name": "ADV-2006-0540", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0540" }, { "name": "18816", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18816" }, { "name": "e107-bbcode-xss(24625)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24625" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-0682", "datePublished": "2006-02-15T00:00:00", "dateReserved": "2006-02-14T00:00:00", "dateUpdated": "2024-08-07T16:41:29.158Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-4548
Vulnerability from cvelistv5
Published
2006-09-06 00:00
Modified
2024-08-07 19:14
Summary
e107 0.75 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code via the tinyMCE_imglib_include image/jpeg parameter in e107_handlers/tiny_mce/plugins/ibrowser/ibrowser.php, as demonstrated by a multipart/form-data request. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in e107.
References
| URL | Tags |
|---|---|
| http://retrogod.altervista.org/e107_075_xpl.html | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/444644/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| http://securityreason.com/securityalert/1497 | third-party-advisory, x_refsource_SREASON |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T19:14:47.612Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://retrogod.altervista.org/e107_075_xpl.html" }, { "name": "20060829 e107 \u003c= 0.75 GLOBALS[] overwrite/Zend_Hash_Del_Key_Or_Index remote commands execution", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/444644/100/0/threaded" }, { "name": "1497", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/1497" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-08-29T00:00:00", "descriptions": [ { "lang": "en", "value": "e107 0.75 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter\u0027s hash value, which allows remote attackers to execute arbitrary PHP code via the tinyMCE_imglib_include image/jpeg parameter in e107_handlers/tiny_mce/plugins/ibrowser/ibrowser.php, as demonstrated by a multipart/form-data request. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in e107." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://retrogod.altervista.org/e107_075_xpl.html" }, { "name": "20060829 e107 \u003c= 0.75 GLOBALS[] overwrite/Zend_Hash_Del_Key_Or_Index remote commands execution", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/444644/100/0/threaded" }, { "name": "1497", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/1497" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-4548", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "e107 0.75 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter\u0027s hash value, which allows remote attackers to execute arbitrary PHP code via the tinyMCE_imglib_include image/jpeg parameter in e107_handlers/tiny_mce/plugins/ibrowser/ibrowser.php, as demonstrated by a multipart/form-data request. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in e107." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://retrogod.altervista.org/e107_075_xpl.html", "refsource": "MISC", "url": "http://retrogod.altervista.org/e107_075_xpl.html" }, { "name": "20060829 e107 \u003c= 0.75 GLOBALS[] overwrite/Zend_Hash_Del_Key_Or_Index remote commands execution", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/444644/100/0/threaded" }, { "name": "1497", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1497" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-4548", "datePublished": "2006-09-06T00:00:00", "dateReserved": "2006-09-05T00:00:00", "dateUpdated": "2024-08-07T19:14:47.612Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2005-1966
Vulnerability from cvelistv5
Published
2005-06-14 04:00
Modified
2024-08-07 22:06
Summary
The eTrace_validaddr function in eTrace plugin for e107 portal allows remote attackers to execute arbitrary commands via shell metacharacters after a valid argument to the etrace_host parameter.
References
| URL | Tags |
|---|---|
| http://marc.info/?l=bugtraq&m=111868460811287&w=2 | mailing-list, x_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/13934 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T22:06:57.721Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20050610 Re: Arbitrary code execution in eping plugin", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=111868460811287\u0026w=2" }, { "name": "13934", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/13934" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-06-10T00:00:00", "descriptions": [ { "lang": "en", "value": "The eTrace_validaddr function in eTrace plugin for e107 portal allows remote attackers to execute arbitrary commands via shell metacharacters after a valid argument to the etrace_host parameter." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20050610 Re: Arbitrary code execution in eping plugin", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=111868460811287\u0026w=2" }, { "name": "13934", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/13934" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-1966", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The eTrace_validaddr function in 
eTrace plugin for e107 portal allows remote attackers to execute arbitrary commands via shell metacharacters after a valid argument to the etrace_host parameter." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20050610 Re: Arbitrary code execution in eping plugin", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=111868460811287\u0026w=2" }, { "name": "13934", "refsource": "BID", "url": "http://www.securityfocus.com/bid/13934" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-1966", "datePublished": "2005-06-14T04:00:00", "dateReserved": "2005-06-14T00:00:00", "dateUpdated": "2024-08-07T22:06:57.721Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-27885
Vulnerability from cvelistv5
Published
2021-03-02 18:15
Modified
2024-08-03 21:33
Summary
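usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protection mechanism. The record itself does not name the weakness class (its problem type is "n/a"); the Packet Storm reference listed below titles the issue as cross-site request forgery in e107 CMS 2.3.0.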
References
URL | Tags | |
---|---|---|
https://github.com/e107inc/e107/releases | x_refsource_MISC | |
https://github.com/e107inc/e107/commit/d9efdb9b5f424b4996c276e754a380a5e251f472 | x_refsource_MISC | |
http://packetstormsecurity.com/files/161651/e107-CMS-2.3.0-Cross-Site-Request-Forgery.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T21:33:17.281Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/e107inc/e107/releases" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/e107inc/e107/commit/d9efdb9b5f424b4996c276e754a380a5e251f472" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/161651/e107-CMS-2.3.0-Cross-Site-Request-Forgery.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protection mechanism." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-03-04T16:06:36", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/e107inc/e107/releases" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/e107inc/e107/commit/d9efdb9b5f424b4996c276e754a380a5e251f472" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/161651/e107-CMS-2.3.0-Cross-Site-Request-Forgery.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-27885", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN 
protection mechanism." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/e107inc/e107/releases", "refsource": "MISC", "url": "https://github.com/e107inc/e107/releases" }, { "name": "https://github.com/e107inc/e107/commit/d9efdb9b5f424b4996c276e754a380a5e251f472", "refsource": "MISC", "url": "https://github.com/e107inc/e107/commit/d9efdb9b5f424b4996c276e754a380a5e251f472" }, { "name": "http://packetstormsecurity.com/files/161651/e107-CMS-2.3.0-Cross-Site-Request-Forgery.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/161651/e107-CMS-2.3.0-Cross-Site-Request-Forgery.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-27885", "datePublished": "2021-03-02T18:15:32", "dateReserved": "2021-03-01T00:00:00", "dateUpdated": "2024-08-03T21:33:17.281Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-2416
Vulnerability from cvelistv5
Published
2006-05-16 10:00
Modified
2024-08-07 17:51
Summary
SQL injection vulnerability in class2.php in e107 0.7.2 and earlier allows remote attackers to execute arbitrary SQL commands via a cookie as defined in $pref['cookie_name'].
References
URL | Tags | |
---|---|---|
http://www.securityfocus.com/archive/1/433938/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/26434 | vdb-entry, x_refsource_XF | |
http://www.vupen.com/english/advisories/2006/1802 | vdb-entry, x_refsource_VUPEN | |
http://securityreason.com/securityalert/905 | third-party-advisory, x_refsource_SREASON | |
http://secunia.com/advisories/20089 | third-party-advisory, x_refsource_SECUNIA | |
http://www.osvdb.org/25521 | vdb-entry, x_refsource_OSVDB | |
http://www.securityfocus.com/bid/17966 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:51:04.584Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20060513 SQL-Injection in e107 allows attacker to become a site admininstrator", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/433938/100/0/threaded" }, { "name": "e107-cookie-sql-injection(26434)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26434" }, { "name": "ADV-2006-1802", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/1802" }, { "name": "905", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/905" }, { "name": "20089", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20089" }, { "name": "25521", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/25521" }, { "name": "17966", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/17966" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-05-13T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in class2.php in e107 0.7.2 and earlier allows remote attackers to execute arbitrary SQL commands via a cookie as defined in $pref[\u0027cookie_name\u0027]." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20060513 SQL-Injection in e107 allows attacker to become a site admininstrator", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/433938/100/0/threaded" }, { "name": "e107-cookie-sql-injection(26434)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26434" }, { "name": "ADV-2006-1802", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/1802" }, { "name": "905", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/905" }, { "name": "20089", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20089" }, { "name": "25521", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/25521" }, { "name": "17966", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/17966" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-2416", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in class2.php in e107 0.7.2 and earlier allows remote attackers to execute arbitrary SQL commands via a cookie as defined in $pref[\u0027cookie_name\u0027]." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20060513 SQL-Injection in e107 allows attacker to become a site admininstrator", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/433938/100/0/threaded" }, { "name": "e107-cookie-sql-injection(26434)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26434" }, { "name": "ADV-2006-1802", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1802" }, { "name": "905", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/905" }, { "name": "20089", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20089" }, { "name": "25521", "refsource": "OSVDB", "url": "http://www.osvdb.org/25521" }, { "name": "17966", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17966" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-2416", "datePublished": "2006-05-16T10:00:00", "dateReserved": "2006-05-15T00:00:00", "dateUpdated": "2024-08-07T17:51:04.584Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-7305
Vulnerability from cvelistv5
Published
2014-01-22 19:00
Modified
2024-09-16 20:26
Summary
fpw.php in e107 through 1.0.4 does not check the user_ban field, which makes it easier for remote attackers to reset passwords by sending a pwsubmit request and leveraging access to the e-mail account of a banned user.
References
URL | Tags | |
---|---|---|
http://sourceforge.net/p/e107/svn/13114 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:01:20.338Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/p/e107/svn/13114" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "fpw.php in e107 through 1.0.4 does not check the user_ban field, which makes it easier for remote attackers to reset passwords by sending a pwsubmit request and leveraging access to the e-mail account of a banned user." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-01-22T19:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/p/e107/svn/13114" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-7305", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "fpw.php in e107 through 1.0.4 does not check the user_ban field, which makes it easier for remote attackers to reset passwords by sending a pwsubmit request and leveraging access to the e-mail account of a banned user." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://sourceforge.net/p/e107/svn/13114", "refsource": "CONFIRM", "url": "http://sourceforge.net/p/e107/svn/13114" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-7305", "datePublished": "2014-01-22T19:00:00Z", "dateReserved": "2014-01-22T00:00:00Z", "dateUpdated": "2024-09-16T20:26:33.095Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-8098
Vulnerability from cvelistv5
Published
2017-04-24 18:00
Modified
2024-09-16 18:09
Summary
e107 2.1.4 is vulnerable to cross-site request forgery in plugin-installing, meta-changing, and settings-changing. A malicious web page can use forged requests to make e107 download and install a plug-in provided by the attacker.
References
URL | Tags | |
---|---|---|
https://github.com/e107inc/e107/commit/7a3e3d9fc7e05ce6941b9af1c14010bf2141f1a5 | x_refsource_MISC | |
http://seclists.org/fulldisclosure/2017/Apr/40 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T16:27:22.860Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/e107inc/e107/commit/7a3e3d9fc7e05ce6941b9af1c14010bf2141f1a5" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2017/Apr/40" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "e107 2.1.4 is vulnerable to cross-site request forgery in plugin-installing, meta-changing, and settings-changing. A malicious web page can use forged requests to make e107 download and install a plug-in provided by the attacker." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-04-24T18:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/e107inc/e107/commit/7a3e3d9fc7e05ce6941b9af1c14010bf2141f1a5" }, { "tags": [ "x_refsource_MISC" ], "url": "http://seclists.org/fulldisclosure/2017/Apr/40" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-8098", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "e107 2.1.4 is vulnerable to cross-site request forgery in plugin-installing, meta-changing, and settings-changing. 
A malicious web page can use forged requests to make e107 download and install a plug-in provided by the attacker." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/e107inc/e107/commit/7a3e3d9fc7e05ce6941b9af1c14010bf2141f1a5", "refsource": "MISC", "url": "https://github.com/e107inc/e107/commit/7a3e3d9fc7e05ce6941b9af1c14010bf2141f1a5" }, { "name": "http://seclists.org/fulldisclosure/2017/Apr/40", "refsource": "MISC", "url": "http://seclists.org/fulldisclosure/2017/Apr/40" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-8098", "datePublished": "2017-04-24T18:00:00Z", "dateReserved": "2017-04-24T00:00:00Z", "dateUpdated": "2024-09-16T18:09:07.299Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2004-2261
Vulnerability from cvelistv5
Published
2005-07-19 04:00
Modified
2024-08-08 01:22
Summary
Cross-site scripting (XSS) vulnerability in e107 allows remote attackers to inject arbitrary script or HTML via the "login name/author" field in the (1) news submit or (2) article submit functions.
References
URL | Tags | |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/16087 | vdb-entry, x_refsource_XF | |
http://www.osvdb.org/5982 | vdb-entry, x_refsource_OSVDB | |
http://securitytracker.com/id?1010084 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/10293 | vdb-entry, x_refsource_BID | |
http://secunia.com/advisories/11567 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:22:13.522Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "e107-news-submit-xss(16087)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16087" }, { "name": "5982", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/5982" }, { "name": "1010084", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1010084" }, { "name": "10293", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/10293" }, { "name": "11567", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/11567" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-05-06T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in e107 allows remote attackers to inject arbitrary script or HTML via the \"login name/author\" field in the (1) news submit or (2) article submit functions." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "e107-news-submit-xss(16087)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16087" }, { "name": "5982", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/5982" }, { "name": "1010084", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1010084" }, { "name": "10293", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/10293" }, { "name": "11567", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/11567" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-2261", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in e107 allows remote attackers to inject arbitrary script or HTML via the \"login name/author\" field in the (1) news submit or (2) article submit functions." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "e107-news-submit-xss(16087)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16087" }, { "name": "5982", "refsource": "OSVDB", "url": "http://www.osvdb.org/5982" }, { "name": "1010084", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1010084" }, { "name": "10293", "refsource": "BID", "url": "http://www.securityfocus.com/bid/10293" }, { "name": "11567", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/11567" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-2261", "datePublished": "2005-07-19T04:00:00", "dateReserved": "2005-07-19T00:00:00", "dateUpdated": "2024-08-08T01:22:13.522Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-4946
Vulnerability from cvelistv5
Published
2012-08-31 22:00
Modified
2024-08-07 00:23
Summary
SQL injection vulnerability in e107_admin/users_extended.php in e107 before 0.7.26 allows remote attackers to execute arbitrary SQL commands via the user_field parameter.
References
URL | Tags | |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/68061 | vdb-entry, x_refsource_XF | |
http://secunia.com/advisories/44968 | third-party-advisory, x_refsource_SECUNIA | |
http://www.osvdb.org/73120 | vdb-entry, x_refsource_OSVDB | |
http://www.openwall.com/lists/oss-security/2012/03/28/4 | mailing-list, x_refsource_MLIST | |
https://www.htbridge.com/advisory/multiple_vulnerabilities_in_e107_1.html | x_refsource_MISC | |
http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.7/e107_admin/users_extended.php?r1=12225&r2=12306 | x_refsource_CONFIRM | |
http://e107.org/svn_changelog.php?version=0.7.26 | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2012/03/29/3 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:23:39.099Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "e107-usersextended-sql-injection(68061)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68061" }, { "name": "44968", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/44968" }, { "name": "73120", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/73120" }, { "name": "[oss-security] 20120328 CVE-request: e107 HTB23004", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/03/28/4" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.htbridge.com/advisory/multiple_vulnerabilities_in_e107_1.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.7/e107_admin/users_extended.php?r1=12225\u0026r2=12306" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://e107.org/svn_changelog.php?version=0.7.26" }, { "name": "[oss-security] 20120328 Re: CVE-request: e107 HTB23004", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/03/29/3" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-06-15T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in e107_admin/users_extended.php in e107 before 0.7.26 allows remote attackers to execute arbitrary SQL commands via the user_field parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "e107-usersextended-sql-injection(68061)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68061" }, { "name": "44968", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/44968" }, { "name": "73120", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/73120" }, { "name": "[oss-security] 20120328 CVE-request: e107 HTB23004", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/03/28/4" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.htbridge.com/advisory/multiple_vulnerabilities_in_e107_1.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.7/e107_admin/users_extended.php?r1=12225\u0026r2=12306" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://e107.org/svn_changelog.php?version=0.7.26" }, { "name": "[oss-security] 20120328 Re: CVE-request: e107 HTB23004", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/03/29/3" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-4946", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in e107_admin/users_extended.php in e107 before 0.7.26 allows remote attackers to execute arbitrary SQL commands via the 
user_field parameter." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "e107-usersextended-sql-injection(68061)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68061" }, { "name": "44968", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/44968" }, { "name": "73120", "refsource": "OSVDB", "url": "http://www.osvdb.org/73120" }, { "name": "[oss-security] 20120328 CVE-request: e107 HTB23004", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/03/28/4" }, { "name": "https://www.htbridge.com/advisory/multiple_vulnerabilities_in_e107_1.html", "refsource": "MISC", "url": "https://www.htbridge.com/advisory/multiple_vulnerabilities_in_e107_1.html" }, { "name": "http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.7/e107_admin/users_extended.php?r1=12225\u0026r2=12306", "refsource": "CONFIRM", "url": "http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.7/e107_admin/users_extended.php?r1=12225\u0026r2=12306" }, { "name": "http://e107.org/svn_changelog.php?version=0.7.26", "refsource": "CONFIRM", "url": "http://e107.org/svn_changelog.php?version=0.7.26" }, { "name": "[oss-security] 20120328 Re: CVE-request: e107 HTB23004", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/03/29/3" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-4946", "datePublished": "2012-08-31T22:00:00", "dateReserved": "2011-12-23T00:00:00", "dateUpdated": "2024-08-07T00:23:39.099Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-4794
Vulnerability from cvelistv5
Published
2006-09-14 21:00
Modified
2024-08-07 19:23
Summary
Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the query string (PATH_INFO) in (1) contact.php, (2) download.php, (3) admin.php, (4) fpw.php, (5) news.php, (6) search.php, (7) signup.php, (8) submitnews.php, and (9) user.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
References
URL | Tags | |
---|---|---|
http://www.osvdb.org/30982 | vdb-entry, x_refsource_OSVDB | |
http://www.osvdb.org/30979 | vdb-entry, x_refsource_OSVDB | |
http://www.osvdb.org/30987 | vdb-entry, x_refsource_OSVDB | |
http://www.osvdb.org/30983 | vdb-entry, x_refsource_OSVDB | |
http://www.osvdb.org/30984 | vdb-entry, x_refsource_OSVDB | |
http://www.osvdb.org/30986 | vdb-entry, x_refsource_OSVDB | |
http://www.securityfocus.com/data/vulnerabilities/exploits/19997.html | x_refsource_MISC | |
http://www.osvdb.org/30985 | vdb-entry, x_refsource_OSVDB | |
http://www.securityfocus.com/bid/19997 | vdb-entry, x_refsource_BID | |
http://www.osvdb.org/30981 | vdb-entry, x_refsource_OSVDB | |
http://www.osvdb.org/30980 | vdb-entry, x_refsource_OSVDB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T19:23:41.090Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "30982", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/30982" }, { "name": "30979", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/30979" }, { "name": "30987", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/30987" }, { "name": "30983", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/30983" }, { "name": "30984", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/30984" }, { "name": "30986", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/30986" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.securityfocus.com/data/vulnerabilities/exploits/19997.html" }, { "name": "30985", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/30985" }, { "name": "19997", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/19997" }, { "name": "30981", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/30981" }, { "name": "30980", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/30980" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-09-13T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the query string (PATH_INFO) in (1) contact.php, (2) download.php, (3) admin.php, (4) 
fpw.php, (5) news.php, (6) search.php, (7) signup.php, (8) submitnews.php, and (9) user.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2007-01-10T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "30982", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/30982" }, { "name": "30979", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/30979" }, { "name": "30987", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/30987" }, { "name": "30983", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/30983" }, { "name": "30984", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/30984" }, { "name": "30986", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/30986" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.securityfocus.com/data/vulnerabilities/exploits/19997.html" }, { "name": "30985", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/30985" }, { "name": "19997", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/19997" }, { "name": "30981", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/30981" }, { "name": "30980", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/30980" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-4794", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": 
"4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the query string (PATH_INFO) in (1) contact.php, (2) download.php, (3) admin.php, (4) fpw.php, (5) news.php, (6) search.php, (7) signup.php, (8) submitnews.php, and (9) user.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "30982", "refsource": "OSVDB", "url": "http://www.osvdb.org/30982" }, { "name": "30979", "refsource": "OSVDB", "url": "http://www.osvdb.org/30979" }, { "name": "30987", "refsource": "OSVDB", "url": "http://www.osvdb.org/30987" }, { "name": "30983", "refsource": "OSVDB", "url": "http://www.osvdb.org/30983" }, { "name": "30984", "refsource": "OSVDB", "url": "http://www.osvdb.org/30984" }, { "name": "30986", "refsource": "OSVDB", "url": "http://www.osvdb.org/30986" }, { "name": "http://www.securityfocus.com/data/vulnerabilities/exploits/19997.html", "refsource": "MISC", "url": "http://www.securityfocus.com/data/vulnerabilities/exploits/19997.html" }, { "name": "30985", "refsource": "OSVDB", "url": "http://www.osvdb.org/30985" }, { "name": "19997", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19997" }, { "name": "30981", "refsource": "OSVDB", "url": "http://www.osvdb.org/30981" }, { "name": "30980", "refsource": "OSVDB", "url": "http://www.osvdb.org/30980" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-4794", "datePublished": "2006-09-14T21:00:00", "dateReserved": "2006-09-14T00:00:00", "dateUpdated": "2024-08-07T19:23:41.090Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-15901
Vulnerability from cvelistv5
Published
2018-08-28 19:00
Modified
2024-08-05 10:10
Severity ?
EPSS score ?
Summary
e107 2.1.8 has CSRF in 'usersettings.php' with an impact of changing details such as passwords of users including administrators.
References
| URL | Tags |
|---|---|
| https://github.com/dhananjay-bajaj/e107_2.1.8_csrf | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T10:10:05.047Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/dhananjay-bajaj/e107_2.1.8_csrf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-08-27T00:00:00", "descriptions": [ { "lang": "en", "value": "e107 2.1.8 has CSRF in \u0027usersettings.php\u0027 with an impact of changing details such as passwords of users including administrators." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-08-28T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/dhananjay-bajaj/e107_2.1.8_csrf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-15901", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "e107 2.1.8 has CSRF in \u0027usersettings.php\u0027 with an impact of changing details such as passwords of users including administrators." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/dhananjay-bajaj/e107_2.1.8_csrf", "refsource": "MISC", "url": "https://github.com/dhananjay-bajaj/e107_2.1.8_csrf" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-15901", "datePublished": "2018-08-28T19:00:00", "dateReserved": "2018-08-26T00:00:00", "dateUpdated": "2024-08-05T10:10:05.047Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2004-2039
Vulnerability from cvelistv5
Published
2005-05-10 04:00
Modified
2024-08-08 01:15
Severity ?
EPSS score ?
Summary
e107 0.615 allows remote attackers to obtain sensitive information via a direct request to (1) alt_news.php, (2) backend_menu.php, (3) clock_menu.php, (4) counter_menu.php, (5) login_menu.php, and other files, which reveal the full path in a PHP error message.
References
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/16277 | vdb-entry, x_refsource_XF |
| http://www.waraxe.us/index.php?modname=sa&id=31 | x_refsource_MISC |
| http://www.securityfocus.com/bid/10436 | vdb-entry, x_refsource_BID |
| http://www.osvdb.org/6525 | vdb-entry, x_refsource_OSVDB |
| http://secunia.com/advisories/11740 | third-party-advisory, x_refsource_SECUNIA |
| http://marc.info/?l=bugtraq&m=108588043007224&w=2 | mailing-list, x_refsource_BUGTRAQ |
| http://marc.info/?l=full-disclosure&m=108586723116427&w=2 | mailing-list, x_refsource_FULLDISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:15:01.171Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "e107-multiplescripts-path-disclosure(16277)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16277" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.waraxe.us/index.php?modname=sa\u0026id=31" }, { "name": "10436", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/10436" }, { "name": "6525", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/6525" }, { "name": "11740", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/11740" }, { "name": "20040529 [waraxe-2004-SA#031 - Multiple vulnerabilities in e107 version 0.615]", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=108588043007224\u0026w=2" }, { "name": "20040529 [waraxe-2004-SA#031 - Multiple vulnerabilities in e107 version 0.615]", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://marc.info/?l=full-disclosure\u0026m=108586723116427\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-05-29T00:00:00", "descriptions": [ { "lang": "en", "value": "e107 0.615 allows remote attackers to obtain sensitive information via a direct request to (1) alt_news.php, (2) backend_menu.php, (3) clock_menu.php, (4) counter_menu.php, (5) login_menu.php, and other files, which reveal the full path in a PHP error message." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "e107-multiplescripts-path-disclosure(16277)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16277" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.waraxe.us/index.php?modname=sa\u0026id=31" }, { "name": "10436", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/10436" }, { "name": "6525", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/6525" }, { "name": "11740", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/11740" }, { "name": "20040529 [waraxe-2004-SA#031 - Multiple vulnerabilities in e107 version 0.615]", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=108588043007224\u0026w=2" }, { "name": "20040529 [waraxe-2004-SA#031 - Multiple vulnerabilities in e107 version 0.615]", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://marc.info/?l=full-disclosure\u0026m=108586723116427\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-2039", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "e107 0.615 allows remote attackers to obtain sensitive information via a direct request to (1) alt_news.php, (2) backend_menu.php, (3) clock_menu.php, (4) counter_menu.php, (5) login_menu.php, and other files, which reveal the full path in a PHP 
error message." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "e107-multiplescripts-path-disclosure(16277)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16277" }, { "name": "http://www.waraxe.us/index.php?modname=sa\u0026id=31", "refsource": "MISC", "url": "http://www.waraxe.us/index.php?modname=sa\u0026id=31" }, { "name": "10436", "refsource": "BID", "url": "http://www.securityfocus.com/bid/10436" }, { "name": "6525", "refsource": "OSVDB", "url": "http://www.osvdb.org/6525" }, { "name": "11740", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/11740" }, { "name": "20040529 [waraxe-2004-SA#031 - Multiple vulnerabilities in e107 version 0.615]", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=108588043007224\u0026w=2" }, { "name": "20040529 [waraxe-2004-SA#031 - Multiple vulnerabilities in e107 version 0.615]", "refsource": "FULLDISC", "url": "http://marc.info/?l=full-disclosure\u0026m=108586723116427\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-2039", "datePublished": "2005-05-10T04:00:00", "dateReserved": "2005-05-04T00:00:00", "dateUpdated": "2024-08-08T01:15:01.171Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2004-2031
Vulnerability from cvelistv5
Published
2005-05-10 04:00
Modified
2024-08-08 01:15
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in user.php in e107 allows remote attackers to inject arbitrary web script or HTML via the (1) URL, (2) MSN, or (3) AIM fields.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/10405 | vdb-entry, x_refsource_BID |
| http://secunia.com/advisories/11696 | third-party-advisory, x_refsource_SECUNIA |
| http://www.osvdb.org/6410 | vdb-entry, x_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/16241 | vdb-entry, x_refsource_XF |
| http://marc.info/?l=bugtraq&m=108541119526279&w=2 | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:15:01.566Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "10405", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/10405" }, { "name": "11696", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/11696" }, { "name": "6410", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/6410" }, { "name": "e107-user-xss(16241)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16241" }, { "name": "20040522 e107 web portal user.php XSS (Cross Site Scripting)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=108541119526279\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-05-22T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in user.php in e107 allows remote attackers to inject arbitrary web script or HTML via the (1) URL, (2) MSN, or (3) AIM fields." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "10405", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/10405" }, { "name": "11696", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/11696" }, { "name": "6410", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/6410" }, { "name": "e107-user-xss(16241)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16241" }, { "name": "20040522 e107 web portal user.php XSS (Cross Site Scripting)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=108541119526279\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-2031", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in user.php in e107 allows remote attackers to inject arbitrary web script or HTML via the (1) URL, (2) MSN, or (3) AIM fields." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "10405", "refsource": "BID", "url": "http://www.securityfocus.com/bid/10405" }, { "name": "11696", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/11696" }, { "name": "6410", "refsource": "OSVDB", "url": "http://www.osvdb.org/6410" }, { "name": "e107-user-xss(16241)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16241" }, { "name": "20040522 e107 web portal user.php XSS (Cross Site Scripting)", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=108541119526279\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-2031", "datePublished": "2005-05-10T04:00:00", "dateReserved": "2005-05-04T00:00:00", "dateUpdated": "2024-08-08T01:15:01.566Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2003-1191
Vulnerability from cvelistv5
Published
2005-05-10 04:00
Modified
2024-08-08 02:19
Severity ?
EPSS score ?
Summary
chatbox.php in e107 0.554 and 0.603 allows remote attackers to cause a denial of service (pages fail to load) via HTML in the Name field, which prevents the main.php form from being loaded.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/8930 | vdb-entry, x_refsource_BID |
| http://www.hackingheaven.com/index.php?name=PNphpBB2&file=viewtopic&t=21 | x_refsource_MISC |
| http://archives.neohapsis.com/archives/bugtraq/2003-10/0313.html | mailing-list, x_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/13553 | vdb-entry, x_refsource_XF |
| http://secunia.com/advisories/10115 | third-party-advisory, x_refsource_SECUNIA |
| http://www.osvdb.org/2753 | vdb-entry, x_refsource_OSVDB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T02:19:45.942Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "8930", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/8930" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.hackingheaven.com/index.php?name=PNphpBB2\u0026file=viewtopic\u0026t=21" }, { "name": "20031029 E107 DoS vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2003-10/0313.html" }, { "name": "e107chatboxdos(13553)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13553" }, { "name": "10115", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/10115" }, { "name": "2753", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/2753" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2003-10-29T00:00:00", "descriptions": [ { "lang": "en", "value": "chatbox.php in e107 0.554 and 0.603 allows remote attackers to cause a denial of service (pages fail to load) via HTML in the Name field, which prevents the main.php form from being loaded." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "8930", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/8930" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.hackingheaven.com/index.php?name=PNphpBB2\u0026file=viewtopic\u0026t=21" }, { "name": "20031029 E107 DoS vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2003-10/0313.html" }, { "name": "e107chatboxdos(13553)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13553" }, { "name": "10115", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/10115" }, { "name": "2753", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/2753" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-1191", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "chatbox.php in e107 0.554 and 0.603 allows remote attackers to cause a denial of service (pages fail to load) via HTML in the Name field, which prevents the main.php form from being loaded." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "8930", "refsource": "BID", "url": "http://www.securityfocus.com/bid/8930" }, { "name": "http://www.hackingheaven.com/index.php?name=PNphpBB2\u0026file=viewtopic\u0026t=21", "refsource": "MISC", "url": "http://www.hackingheaven.com/index.php?name=PNphpBB2\u0026file=viewtopic\u0026t=21" }, { "name": "20031029 E107 DoS vulnerability", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2003-10/0313.html" }, { "name": "e107chatboxdos(13553)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13553" }, { "name": "10115", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/10115" }, { "name": "2753", "refsource": "OSVDB", "url": "http://www.osvdb.org/2753" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-1191", "datePublished": "2005-05-10T04:00:00", "dateReserved": "2005-05-04T00:00:00", "dateUpdated": "2024-08-08T02:19:45.942Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-6434
Vulnerability from cvelistv5
Published
2013-01-03 11:00
Modified
2024-09-16 16:28
Severity ?
EPSS score ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in e107_admin/download.php in e107 1.0.2 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the (1) download_url, (2) download_url_extended, (3) download_author_email, (4) download_author_website, (5) download_image, (6) download_thumb, (7) download_visible, or (8) download_class parameter.
References
| URL | Tags |
|---|---|
| http://www.exploit-db.com/exploits/23829/ | exploit, x_refsource_EXPLOIT-DB |
| http://e107.org/changelog | x_refsource_CONFIRM |
| http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.7/e107_admin/download.php?sortdir=down&r1=13037&r2=13058&sortby=rev | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:28:39.773Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "23829", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "http://www.exploit-db.com/exploits/23829/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://e107.org/changelog" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.7/e107_admin/download.php?sortdir=down\u0026r1=13037\u0026r2=13058\u0026sortby=rev" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in e107_admin/download.php in e107 1.0.2 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the (1) download_url, (2) download_url_extended, (3) download_author_email, (4) download_author_website, (5) download_image, (6) download_thumb, (7) download_visible, or (8) download_class parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-01-03T11:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "23829", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "http://www.exploit-db.com/exploits/23829/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://e107.org/changelog" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.7/e107_admin/download.php?sortdir=down\u0026r1=13037\u0026r2=13058\u0026sortby=rev" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-6434", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in e107_admin/download.php in e107 1.0.2 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the (1) download_url, (2) download_url_extended, (3) download_author_email, (4) download_author_website, (5) download_image, (6) download_thumb, (7) download_visible, or (8) download_class parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "23829", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/23829/" }, { "name": "http://e107.org/changelog", "refsource": "CONFIRM", "url": "http://e107.org/changelog" }, { "name": "http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.7/e107_admin/download.php?sortdir=down\u0026r1=13037\u0026r2=13058\u0026sortby=rev", "refsource": "CONFIRM", "url": "http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.7/e107_admin/download.php?sortdir=down\u0026r1=13037\u0026r2=13058\u0026sortby=rev" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-6434", "datePublished": "2013-01-03T11:00:00Z", "dateReserved": "2012-12-26T00:00:00Z", "dateUpdated": "2024-09-16T16:28:43.566Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-6438
Vulnerability from cvelistv5
Published
2009-03-06 18:00
Modified
2024-08-07 11:27
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in macgurublog_menu/macgurublog.php in the MacGuru BLOG Engine plugin 2.2 for e107 allows remote attackers to execute arbitrary SQL commands via the uid parameter, a different vector than CVE-2008-2455. NOTE: it was later reported that 2.1.4 is also affected.
References
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2008/2468 | vdb-entry, x_refsource_VUPEN |
| http://secunia.com/advisories/30212 | third-party-advisory, x_refsource_SECUNIA |
| https://www.exploit-db.com/exploits/5666 | exploit, x_refsource_EXPLOIT-DB |
| http://www.securityfocus.com/archive/1/492506/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| https://www.exploit-db.com/exploits/6346 | exploit, x_refsource_EXPLOIT-DB |
| https://www.exploit-db.com/exploits/6856 | exploit, x_refsource_EXPLOIT-DB |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/42715 | vdb-entry, x_refsource_XF |
| http://www.securityfocus.com/bid/29344 | vdb-entry, x_refsource_BID |
| http://osvdb.org/51408 | vdb-entry, x_refsource_OSVDB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T11:27:35.850Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2008-2468", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/2468" }, { "name": "30212", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30212" }, { "name": "5666", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/5666" }, { "name": "20080523 e107 Plugin BLOG Engine v2.2 (macgurublog.php/uid) Blind SQL Injection Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/492506/100/0/threaded" }, { "name": "6346", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/6346" }, { "name": "6856", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/6856" }, { "name": "blogengine-macgurublog-sql-injection(42715)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42715" }, { "name": "29344", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/29344" }, { "name": "51408", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/51408" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-05-22T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in macgurublog_menu/macgurublog.php in the MacGuru BLOG Engine plugin 2.2 for e107 allows remote attackers to execute arbitrary SQL commands via the uid 
parameter, a different vector than CVE-2008-2455. NOTE: it was later reported that 2.1.4 is also affected." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ADV-2008-2468", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/2468" }, { "name": "30212", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30212" }, { "name": "5666", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/5666" }, { "name": "20080523 e107 Plugin BLOG Engine v2.2 (macgurublog.php/uid) Blind SQL Injection Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/492506/100/0/threaded" }, { "name": "6346", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/6346" }, { "name": "6856", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/6856" }, { "name": "blogengine-macgurublog-sql-injection(42715)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42715" }, { "name": "29344", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/29344" }, { "name": "51408", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/51408" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-6438", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { 
"description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in macgurublog_menu/macgurublog.php in the MacGuru BLOG Engine plugin 2.2 for e107 allows remote attackers to execute arbitrary SQL commands via the uid parameter, a different vector than CVE-2008-2455. NOTE: it was later reported that 2.1.4 is also affected." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2008-2468", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2468" }, { "name": "30212", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30212" }, { "name": "5666", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/5666" }, { "name": "20080523 e107 Plugin BLOG Engine v2.2 (macgurublog.php/uid) Blind SQL Injection Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/492506/100/0/threaded" }, { "name": "6346", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/6346" }, { "name": "6856", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/6856" }, { "name": "blogengine-macgurublog-sql-injection(42715)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42715" }, { "name": "29344", "refsource": "BID", "url": "http://www.securityfocus.com/bid/29344" }, { "name": "51408", "refsource": "OSVDB", "url": "http://osvdb.org/51408" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-6438", "datePublished": "2009-03-06T18:00:00", "dateReserved": "2009-03-06T00:00:00", "dateUpdated": "2024-08-07T11:27:35.850Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-6466
Vulnerability from cvelistv5
Published
2009-03-13 10:00
Modified
2024-08-07 11:34
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in image_gallery.php in the Akira Powered Image Gallery (image_gallery) plugin 0.9.6.2 for e107 allows remote attackers to execute arbitrary SQL commands via the image parameter in an image-detail action.
References
| URL | Tags |
|---|---|
| http://secunia.com/advisories/34384 | third-party-advisory, x_refsource_SECUNIA |
| http://www.securityfocus.com/bid/31286 | vdb-entry, x_refsource_BID |
| https://www.exploit-db.com/exploits/6516 | exploit, x_refsource_EXPLOIT-DB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T11:34:45.915Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "34384", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34384" }, { "name": "31286", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/31286" }, { "name": "6516", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/6516" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-09-21T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in image_gallery.php in the Akira Powered Image Gallery (image_gallery) plugin 0.9.6.2 for e107 allows remote attackers to execute arbitrary SQL commands via the image parameter in an image-detail action." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "34384", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34384" }, { "name": "31286", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/31286" }, { "name": "6516", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/6516" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-6466", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in image_gallery.php in the Akira Powered Image Gallery (image_gallery) plugin 0.9.6.2 for e107 allows remote attackers to execute arbitrary SQL commands via the image parameter in an image-detail action." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "34384", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34384" }, { "name": "31286", "refsource": "BID", "url": "http://www.securityfocus.com/bid/31286" }, { "name": "6516", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/6516" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-6466", "datePublished": "2009-03-13T10:00:00", "dateReserved": "2009-03-13T00:00:00", "dateUpdated": "2024-08-07T11:34:45.915Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-4757
Vulnerability from cvelistv5
Published
2011-03-15 17:00
Modified
2024-08-07 03:55
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in submitnews.php in e107 before 0.7.23 allows remote attackers to inject arbitrary web script or HTML via the submitnews_title parameter, a different vector than CVE-2008-6208. NOTE: some of these details are obtained from third party information. NOTE: this might be the same as CVE-2009-4083.1 or CVE-2011-0457.
References
| URL | Tags |
|---|---|
| http://www.madirish.net/?article=471 | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/61331 | vdb-entry, x_refsource_XF |
| http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.7/e107_admin/newspost.php?r1=11655&r2=11654&pathrev=11655 | x_refsource_CONFIRM |
| http://e107.org/svn_changelog.php?version=0.7.23 | x_refsource_CONFIRM |
| http://e107.org/comment.php?comment.news.872 | x_refsource_CONFIRM |
| http://securitytracker.com/id?1024351 | vdb-entry, x_refsource_SECTRACK |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T03:55:35.086Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.madirish.net/?article=471" }, { "name": "e107-submitnewstitle-xss(61331)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61331" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.7/e107_admin/newspost.php?r1=11655\u0026r2=11654\u0026pathrev=11655" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://e107.org/svn_changelog.php?version=0.7.23" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://e107.org/comment.php?comment.news.872" }, { "name": "1024351", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1024351" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-08-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in submitnews.php in e107 before 0.7.23 allows remote attackers to inject arbitrary web script or HTML via the submitnews_title parameter, a different vector than CVE-2008-6208. NOTE: some of these details are obtained from third party information. NOTE: this might be the same as CVE-2009-4083.1 or CVE-2011-0457." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.madirish.net/?article=471" }, { "name": "e107-submitnewstitle-xss(61331)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61331" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.7/e107_admin/newspost.php?r1=11655\u0026r2=11654\u0026pathrev=11655" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://e107.org/svn_changelog.php?version=0.7.23" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://e107.org/comment.php?comment.news.872" }, { "name": "1024351", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1024351" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-4757", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in submitnews.php in e107 before 0.7.23 allows remote attackers to inject arbitrary web script or HTML via the submitnews_title parameter, a different vector than CVE-2008-6208. NOTE: some of these details are obtained from third party information. NOTE: this might be the same as CVE-2009-4083.1 or CVE-2011-0457." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.madirish.net/?article=471", "refsource": "MISC", "url": "http://www.madirish.net/?article=471" }, { "name": "e107-submitnewstitle-xss(61331)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61331" }, { "name": "http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.7/e107_admin/newspost.php?r1=11655\u0026r2=11654\u0026pathrev=11655", "refsource": "CONFIRM", "url": "http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.7/e107_admin/newspost.php?r1=11655\u0026r2=11654\u0026pathrev=11655" }, { "name": "http://e107.org/svn_changelog.php?version=0.7.23", "refsource": "CONFIRM", "url": "http://e107.org/svn_changelog.php?version=0.7.23" }, { "name": "http://e107.org/comment.php?comment.news.872", "refsource": "CONFIRM", "url": "http://e107.org/comment.php?comment.news.872" }, { "name": "1024351", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1024351" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-4757", "datePublished": "2011-03-15T17:00:00", "dateReserved": "2011-03-15T00:00:00", "dateUpdated": "2024-08-07T03:55:35.086Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10378
Vulnerability from cvelistv5
Published
2017-05-29 19:00
Modified
2024-09-16 16:58
Severity ?
EPSS score ?
Summary
e107 2.1.1 allows SQL injection by remote authenticated administrators via the pagelist parameter to e107_admin/menus.php, related to the menuSaveVisibility function.
References
| URL | Tags |
|---|---|
| http://code610.blogspot.com/2016/09/sql-injection-in-latest-e107-cms.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:21:51.359Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://code610.blogspot.com/2016/09/sql-injection-in-latest-e107-cms.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "e107 2.1.1 allows SQL injection by remote authenticated administrators via the pagelist parameter to e107_admin/menus.php, related to the menuSaveVisibility function." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-29T19:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://code610.blogspot.com/2016/09/sql-injection-in-latest-e107-cms.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10378", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "e107 2.1.1 allows SQL injection by remote authenticated administrators via the pagelist parameter to e107_admin/menus.php, related to the menuSaveVisibility function." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://code610.blogspot.com/2016/09/sql-injection-in-latest-e107-cms.html", "refsource": "MISC", "url": "http://code610.blogspot.com/2016/09/sql-injection-in-latest-e107-cms.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10378", "datePublished": "2017-05-29T19:00:00Z", "dateReserved": "2017-05-29T00:00:00Z", "dateUpdated": "2024-09-16T16:58:53.123Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2005-4051
Vulnerability from cvelistv5
Published
2005-12-07 11:00
Modified
2024-08-07 23:31
Severity ?
EPSS score ?
Summary
e107 0.6174 allows remote attackers to vote multiple times for a download via repeated requests to rate.php.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/15748 | vdb-entry, x_refsource_BID |
| http://e107.org/e107_plugins/bugtrack/bugtrack.php?1625.show | x_refsource_CONFIRM |
| http://www.securityfocus.com/archive/1/418577/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| http://secunia.com/advisories/17890/ | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T23:31:48.969Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "15748", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/15748" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://e107.org/e107_plugins/bugtrack/bugtrack.php?1625.show" }, { "name": "20051205 [scip_Advisory] e107 v0.6 rate.php manipulation", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/418577/100/0/threaded" }, { "name": "17890", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17890/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-08-23T00:00:00", "descriptions": [ { "lang": "en", "value": "e107 0.6174 allows remote attackers to vote multiple times for a download via repeated requests to rate.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-19T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "15748", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/15748" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://e107.org/e107_plugins/bugtrack/bugtrack.php?1625.show" }, { "name": "20051205 [scip_Advisory] e107 v0.6 rate.php manipulation", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/418577/100/0/threaded" }, { "name": "17890", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17890/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-4051", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "e107 0.6174 allows remote attackers to vote multiple times for a download via repeated requests to rate.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "15748", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15748" }, { "name": "http://e107.org/e107_plugins/bugtrack/bugtrack.php?1625.show", "refsource": "CONFIRM", "url": "http://e107.org/e107_plugins/bugtrack/bugtrack.php?1625.show" }, { "name": "20051205 [scip_Advisory] e107 v0.6 rate.php manipulation", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/418577/100/0/threaded" }, { "name": "17890", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17890/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-4051", "datePublished": "2005-12-07T11:00:00", "dateReserved": "2005-12-07T00:00:00", "dateUpdated": "2024-08-07T23:31:48.969Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-3731
Vulnerability from cvelistv5
Published
2011-09-23 23:00
Modified
2024-09-16 21:08
Severity ?
EPSS score ?
Summary
e107 0.7.24 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by e107_plugins/pdf/e107pdf.php and certain other files.
References
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2011/06/27/6 | mailing-list, x_refsource_MLIST |
| http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README | x_refsource_MISC |
| http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/e107_0.7.24 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T23:46:02.819Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/e107_0.7.24" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "e107 0.7.24 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by e107_plugins/pdf/e107pdf.php and certain other files." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2011-09-23T23:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6" }, { "tags": [ "x_refsource_MISC" ], "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" }, { "tags": [ "x_refsource_MISC" ], "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/e107_0.7.24" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-3731", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "e107 0.7.24 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by e107_plugins/pdf/e107pdf.php and certain other files." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6" }, { "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", "refsource": "MISC", "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" }, { "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/e107_0.7.24", "refsource": "MISC", "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/e107_0.7.24" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-3731", "datePublished": "2011-09-23T23:00:00Z", "dateReserved": "2011-09-23T00:00:00Z", "dateUpdated": "2024-09-16T21:08:16.790Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2005-3594
Vulnerability from cvelistv5
Published
2005-11-16 07:37
Modified
2024-08-07 23:17
Severity ?
EPSS score ?
Summary
game_score.php in e107 allows remote attackers to insert high scores via HTTP POST methods utilizing the $player_name, $player_score, and $game_name variables.
References
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/158 | third-party-advisory, x_refsource_SREASON |
| http://marc.info/?l=bugtraq&m=113141422014568&w=2 | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T23:17:23.336Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "158", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/158" }, { "name": "20051107 e107 Games System exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=113141422014568\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-11-07T00:00:00", "descriptions": [ { "lang": "en", "value": "game_score.php in e107 allows remote attackers to insert high scores via HTTP POST methods utilizing the $player_name, $player_score, and $game_name variables." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "158", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/158" }, { "name": "20051107 e107 Games System exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=113141422014568\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-3594", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "game_score.php in e107 allows remote attackers to insert high scores 
via HTTP POST methods utilizing the $player_name, $player_score, and $game_name variables." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "158", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/158" }, { "name": "20051107 e107 Games System exploit", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=113141422014568\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-3594", "datePublished": "2005-11-16T07:37:00", "dateReserved": "2005-11-16T00:00:00", "dateUpdated": "2024-08-07T23:17:23.336Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2005-2805
Vulnerability from cvelistv5
Published
2005-09-06 04:00
Modified
2024-08-07 22:45
Severity ?
EPSS score ?
Summary
forum_post.php in e107 0.6 allows remote attackers to post to non-existent forums by modifying the forum number.
References
| URL | Tags |
|---|---|
| http://marc.info/?l=bugtraq&m=112544896117131&w=2 | mailing-list, x_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/22059 | vdb-entry, x_refsource_XF |
| http://www.securityfocus.com/bid/14699 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T22:45:02.265Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20050830 e107 0.6 forum_post.php create new topics in non-existing forums", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=112544896117131\u0026w=2" }, { "name": "e107-forumpost-topic-creation(22059)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22059" }, { "name": "14699", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/14699" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-08-30T00:00:00", "descriptions": [ { "lang": "en", "value": "forum_post.php in e107 0.6 allows remote attackers to post to non-existent forums by modifying the forum number." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20050830 e107 0.6 forum_post.php create new topics in non-existing forums", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=112544896117131\u0026w=2" }, { "name": "e107-forumpost-topic-creation(22059)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22059" }, { "name": "14699", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/14699" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-2805", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "forum_post.php in e107 0.6 allows remote attackers to post to non-existent forums by modifying the forum number." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20050830 e107 0.6 forum_post.php create new topics in non-existing forums", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=112544896117131\u0026w=2" }, { "name": "e107-forumpost-topic-creation(22059)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22059" }, { "name": "14699", "refsource": "BID", "url": "http://www.securityfocus.com/bid/14699" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-2805", "datePublished": "2005-09-06T04:00:00", "dateReserved": "2005-09-06T00:00:00", "dateUpdated": "2024-08-07T22:45:02.265Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-2591
Vulnerability from cvelistv5
Published
2006-05-25 10:00
Modified
2024-08-07 17:58
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in e107 before 0.7.5 has unknown impact and remote attack vectors related to an "emailing exploit".
References
| URL | Tags |
|---|---|
| http://secunia.com/advisories/20262 | third-party-advisory, x_refsource_SECUNIA |
| http://e107.org/comment.php?comment.news.788 | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2006/1963 | vdb-entry, x_refsource_VUPEN |
| http://www.osvdb.org/25740 | vdb-entry, x_refsource_OSVDB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:58:51.522Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20262", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20262" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://e107.org/comment.php?comment.news.788" }, { "name": "ADV-2006-1963", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/1963" }, { "name": "25740", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/25740" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-05-24T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in e107 before 0.7.5 has unknown impact and remote attack vectors related to an \"emailing exploit\"." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2006-06-23T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20262", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20262" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://e107.org/comment.php?comment.news.788" }, { "name": "ADV-2006-1963", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/1963" }, { "name": "25740", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/25740" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-2591", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in e107 before 0.7.5 has unknown impact and remote attack vectors related to an \"emailing exploit\"." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20262", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20262" }, { "name": "http://e107.org/comment.php?comment.news.788", "refsource": "CONFIRM", "url": "http://e107.org/comment.php?comment.news.788" }, { "name": "ADV-2006-1963", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1963" }, { "name": "25740", "refsource": "OSVDB", "url": "http://www.osvdb.org/25740" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-2591", "datePublished": "2006-05-25T10:00:00", "dateReserved": "2006-05-25T00:00:00", "dateUpdated": "2024-08-07T17:58:51.522Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-3259
Vulnerability from cvelistv5
Published
2006-06-27 21:00
Modified
2024-08-07 18:23
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the (1) ep parameter to search.php and the (2) subject parameter in comment.php (aka the Subject field when posting a comment).
References
URL | Tags |
---|---|
http://secunia.com/advisories/20727 | third-party-advisory, x_refsource_SECUNIA | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/27242 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/bid/18508 | vdb-entry, x_refsource_BID | |
http://www.vupen.com/english/advisories/2006/2460 | vdb-entry, x_refsource_VUPEN | |
http://www.securityfocus.com/bid/18560 | vdb-entry, x_refsource_BID | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/27240 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/archive/1/437649/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://securityreason.com/securityalert/1151 | third-party-advisory, x_refsource_SREASON |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T18:23:21.180Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20727", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20727" }, { "name": "e107-subject-xss(27242)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27242" }, { "name": "18508", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/18508" }, { "name": "ADV-2006-2460", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/2460" }, { "name": "18560", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/18560" }, { "name": "e107-search-xss(27240)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27240" }, { "name": "20060618 e107 v0.7.5 XSS", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/437649/100/0/threaded" }, { "name": "1151", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/1151" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-06-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the (1) ep parameter to search.php and the (2) subject parameter in comment.php (aka the Subject field when posting a comment)." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20727", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20727" }, { "name": "e107-subject-xss(27242)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27242" }, { "name": "18508", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/18508" }, { "name": "ADV-2006-2460", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/2460" }, { "name": "18560", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/18560" }, { "name": "e107-search-xss(27240)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27240" }, { "name": "20060618 e107 v0.7.5 XSS", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/437649/100/0/threaded" }, { "name": "1151", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/1151" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-3259", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the (1) ep parameter to search.php and the (2) subject parameter in comment.php 
(aka the Subject field when posting a comment)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20727", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20727" }, { "name": "e107-subject-xss(27242)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27242" }, { "name": "18508", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18508" }, { "name": "ADV-2006-2460", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2460" }, { "name": "18560", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18560" }, { "name": "e107-search-xss(27240)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27240" }, { "name": "20060618 e107 v0.7.5 XSS", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/437649/100/0/threaded" }, { "name": "1151", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1151" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-3259", "datePublished": "2006-06-27T21:00:00", "dateReserved": "2006-06-27T00:00:00", "dateUpdated": "2024-08-07T18:23:21.180Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-11734
Vulnerability from cvelistv5
Published
2019-07-10 17:19
Modified
2024-08-05 08:17
Summary
In e107 v2.1.7, output without filtering results in XSS.
References
URL | Tags |
---|---|
https://github.com/e107inc/e107/issues/3170 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T08:17:09.042Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/e107inc/e107/issues/3170" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In e107 v2.1.7, output without filtering results in XSS." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-10T17:19:51", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/e107inc/e107/issues/3170" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-11734", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In e107 v2.1.7, output without filtering results in XSS." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/e107inc/e107/issues/3170", "refsource": "MISC", "url": "https://github.com/e107inc/e107/issues/3170" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-11734", "datePublished": "2019-07-10T17:19:51", "dateReserved": "2018-06-05T00:00:00", "dateUpdated": "2024-08-05T08:17:09.042Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-4734
Vulnerability from cvelistv5
Published
2014-07-21 14:00
Modified
2024-08-06 11:27
Summary
Cross-site scripting (XSS) vulnerability in e107_admin/db.php in e107 2.0 alpha2 and earlier allows remote attackers to inject arbitrary web script or HTML via the type parameter.
References
URL | Tags |
---|---|
https://www.htbridge.com/advisory/HTB23220 | x_refsource_MISC | |
https://github.com/e107inc/e107/commit/f80e417bb3e7ab5c1a89ea9ddd2cd060f54464e1 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/68674 | vdb-entry, x_refsource_BID | |
http://packetstormsecurity.com/files/127499/e107-2.0-alpha2-Cross-Site-Scripting.html | x_refsource_MISC | |
http://www.securityfocus.com/archive/1/532801/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T11:27:36.077Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.htbridge.com/advisory/HTB23220" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/e107inc/e107/commit/f80e417bb3e7ab5c1a89ea9ddd2cd060f54464e1" }, { "name": "68674", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/68674" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/127499/e107-2.0-alpha2-Cross-Site-Scripting.html" }, { "name": "20140716 Reflected Cross-Site Scripting (XSS) in e107", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/532801/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-06-27T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in e107_admin/db.php in e107 2.0 alpha2 and earlier allows remote attackers to inject arbitrary web script or HTML via the type parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-09T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.htbridge.com/advisory/HTB23220" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/e107inc/e107/commit/f80e417bb3e7ab5c1a89ea9ddd2cd060f54464e1" }, { "name": "68674", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/68674" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/127499/e107-2.0-alpha2-Cross-Site-Scripting.html" }, { "name": "20140716 Reflected Cross-Site Scripting (XSS) in e107", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/532801/100/0/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-4734", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in e107_admin/db.php in e107 2.0 alpha2 and earlier allows remote attackers to inject arbitrary web script or HTML via the type parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.htbridge.com/advisory/HTB23220", "refsource": "MISC", "url": "https://www.htbridge.com/advisory/HTB23220" }, { "name": "https://github.com/e107inc/e107/commit/f80e417bb3e7ab5c1a89ea9ddd2cd060f54464e1", "refsource": "CONFIRM", "url": "https://github.com/e107inc/e107/commit/f80e417bb3e7ab5c1a89ea9ddd2cd060f54464e1" }, { "name": "68674", "refsource": "BID", "url": "http://www.securityfocus.com/bid/68674" }, { "name": "http://packetstormsecurity.com/files/127499/e107-2.0-alpha2-Cross-Site-Scripting.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/127499/e107-2.0-alpha2-Cross-Site-Scripting.html" }, { "name": "20140716 Reflected Cross-Site Scripting (XSS) in e107", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/532801/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-4734", "datePublished": "2014-07-21T14:00:00", "dateReserved": "2014-07-08T00:00:00", "dateUpdated": "2024-08-06T11:27:36.077Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2005-1949
Vulnerability from cvelistv5
Published
2005-06-14 04:00
Modified
2024-08-07 22:06
Summary
The eping_validaddr function in functions.php for the ePing plugin for e107 portal allows remote attackers to execute arbitrary commands via shell metacharacters after a valid argument to the eping_host parameter.
References
URL | Tags |
---|---|
http://marc.info/?l=bugtraq&m=111835539312985&w=2 | mailing-list, x_refsource_BUGTRAQ | |
http://marc.info/?l=bugtraq&m=111868460811287&w=2 | mailing-list, x_refsource_BUGTRAQ | |
http://e107plugins.co.uk/news.php | x_refsource_CONFIRM | |
http://secunia.com/advisories/15678 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T22:06:57.796Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20050609 Arbitrary code execution in eping plugin", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=111835539312985\u0026w=2" }, { "name": "20050610 Re: Arbitrary code execution in eping plugin", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=111868460811287\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://e107plugins.co.uk/news.php" }, { "name": "15678", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/15678" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-06-09T00:00:00", "descriptions": [ { "lang": "en", "value": "The eping_validaddr function in functions.php for the ePing plugin for e107 portal allows remote attackers to execute arbitrary commands via shell metacharacters after a valid argument to the eping_host parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20050609 Arbitrary code execution in eping plugin", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=111835539312985\u0026w=2" }, { "name": "20050610 Re: Arbitrary code execution in eping plugin", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=111868460811287\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://e107plugins.co.uk/news.php" }, { "name": "15678", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/15678" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-1949", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The eping_validaddr function in functions.php for the ePing plugin for e107 portal allows remote attackers to execute arbitrary commands via shell metacharacters after a valid argument to the eping_host parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20050609 Arbitrary code execution in eping plugin", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=111835539312985\u0026w=2" }, { "name": "20050610 Re: Arbitrary code execution in eping plugin", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=111868460811287\u0026w=2" }, { "name": "http://e107plugins.co.uk/news.php", "refsource": "CONFIRM", "url": "http://e107plugins.co.uk/news.php" }, { "name": "15678", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/15678" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-1949", "datePublished": "2005-06-14T04:00:00", "dateReserved": "2005-06-14T00:00:00", "dateUpdated": "2024-08-07T22:06:57.796Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-16389
Vulnerability from cvelistv5
Published
2018-09-12 16:00
Modified
2024-08-05 10:24
Summary
e107_admin/banlist.php in e107 2.1.8 allows SQL injection via the old_ip parameter.
References
URL | Tags |
---|---|
https://github.com/e107inc/e107/commit/ec483e9379aa622bfcc1b853b189c74288771f27 | x_refsource_CONFIRM | |
https://gist.github.com/ommadawn46/51e08e13e6980dcbcffb4322c29b93d0 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T10:24:31.978Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/e107inc/e107/commit/ec483e9379aa622bfcc1b853b189c74288771f27" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://gist.github.com/ommadawn46/51e08e13e6980dcbcffb4322c29b93d0" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-08-22T00:00:00", "descriptions": [ { "lang": "en", "value": "e107_admin/banlist.php in e107 2.1.8 allows SQL injection via the old_ip parameter." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-09-12T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/e107inc/e107/commit/ec483e9379aa622bfcc1b853b189c74288771f27" }, { "tags": [ "x_refsource_MISC" ], "url": "https://gist.github.com/ommadawn46/51e08e13e6980dcbcffb4322c29b93d0" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-16389", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "e107_admin/banlist.php in e107 2.1.8 allows SQL injection via the old_ip parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/e107inc/e107/commit/ec483e9379aa622bfcc1b853b189c74288771f27", "refsource": "CONFIRM", "url": "https://github.com/e107inc/e107/commit/ec483e9379aa622bfcc1b853b189c74288771f27" }, { "name": "https://gist.github.com/ommadawn46/51e08e13e6980dcbcffb4322c29b93d0", "refsource": "MISC", "url": "https://gist.github.com/ommadawn46/51e08e13e6980dcbcffb4322c29b93d0" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-16389", "datePublished": "2018-09-12T16:00:00", "dateReserved": "2018-09-02T00:00:00", "dateUpdated": "2024-08-05T10:24:31.978Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-3843
Vulnerability from cvelistv5
Published
2012-07-03 22:00
Modified
2024-08-06 20:21
Summary
Cross-site scripting (XSS) vulnerability in the registration page in e107, probably 1.0.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
URL | Tags |
---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/75225 | vdb-entry, x_refsource_XF | |
http://packetstormsecurity.org/files/112241/e107-Cross-Site-Scripting.html | x_refsource_MISC | |
http://www.securityfocus.com/bid/53271 | vdb-entry, x_refsource_BID | |
http://hauntit.blogspot.com/2012/04/en-e107-cms-reflected-xss-in.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T20:21:03.644Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "e107-registration-xss(75225)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75225" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.org/files/112241/e107-Cross-Site-Scripting.html" }, { "name": "53271", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/53271" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://hauntit.blogspot.com/2012/04/en-e107-cms-reflected-xss-in.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-04-26T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the registration page in e107, probably 1.0.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "e107-registration-xss(75225)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75225" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.org/files/112241/e107-Cross-Site-Scripting.html" }, { "name": "53271", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/53271" }, { "tags": [ "x_refsource_MISC" ], "url": "http://hauntit.blogspot.com/2012/04/en-e107-cms-reflected-xss-in.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-3843", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the registration page in e107, probably 1.0.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "e107-registration-xss(75225)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75225" }, { "name": "http://packetstormsecurity.org/files/112241/e107-Cross-Site-Scripting.html", "refsource": "MISC", "url": "http://packetstormsecurity.org/files/112241/e107-Cross-Site-Scripting.html" }, { "name": "53271", "refsource": "BID", "url": "http://www.securityfocus.com/bid/53271" }, { "name": "http://hauntit.blogspot.com/2012/04/en-e107-cms-reflected-xss-in.html", "refsource": "MISC", "url": "http://hauntit.blogspot.com/2012/04/en-e107-cms-reflected-xss-in.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-3843", "datePublished": "2012-07-03T22:00:00", "dateReserved": "2012-07-03T00:00:00", "dateUpdated": "2024-08-06T20:21:03.644Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2004-2262
Vulnerability from cvelistv5
Published
2005-07-19 04:00
Modified
2024-08-08 01:22
Summary
ImageManager in e107 before 0.617 does not properly check the types of uploaded files, which allows remote attackers to execute arbitrary code by uploading a PHP file via the upload parameter to images.php.
References
URL | Tags |
---|---|
http://securitytracker.com/id?1012657 | vdb-entry, x_refsource_SECTRACK | |
https://www.exploit-db.com/exploits/704 | exploit, x_refsource_EXPLOIT-DB | |
http://e107.org/comment.php?comment.news.672 | x_refsource_MISC | |
http://www.securityfocus.com/bid/12111 | vdb-entry, x_refsource_BID | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/18670 | vdb-entry, x_refsource_XF | |
http://secunia.com/advisories/13657 | third-party-advisory, x_refsource_SECUNIA | |
http://www.osvdb.org/12586 | vdb-entry, x_refsource_OSVDB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:22:13.180Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1012657", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1012657" }, { "name": "704", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/704" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://e107.org/comment.php?comment.news.672" }, { "name": "12111", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/12111" }, { "name": "e107-images-file-upload(18670)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18670" }, { "name": "13657", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/13657" }, { "name": "12586", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/12586" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-12-22T00:00:00", "descriptions": [ { "lang": "en", "value": "ImageManager in e107 before 0.617 does not properly check the types of uploaded files, which allows remote attackers to execute arbitrary code by uploading a PHP file via the upload parameter to images.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-18T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1012657", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1012657" }, { "name": "704", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/704" }, { "tags": [ "x_refsource_MISC" ], "url": "http://e107.org/comment.php?comment.news.672" }, { "name": "12111", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/12111" }, { "name": "e107-images-file-upload(18670)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18670" }, { "name": "13657", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/13657" }, { "name": "12586", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/12586" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-2262", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "ImageManager in e107 before 0.617 does not properly check the types of uploaded files, which allows remote attackers to execute arbitrary code by uploading a PHP file via the upload parameter to images.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1012657", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1012657" }, { "name": "704", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/704" }, { "name": "http://e107.org/comment.php?comment.news.672", "refsource": "MISC", "url": "http://e107.org/comment.php?comment.news.672" }, { "name": "12111", "refsource": "BID", "url": "http://www.securityfocus.com/bid/12111" }, { "name": "e107-images-file-upload(18670)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18670" }, { "name": "13657", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/13657" }, { "name": "12586", "refsource": "OSVDB", "url": "http://www.osvdb.org/12586" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-2262", "datePublished": "2005-07-19T04:00:00", "dateReserved": "2005-07-19T00:00:00", "dateUpdated": "2024-08-08T01:22:13.180Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-5084
Vulnerability from cvelistv5
Published
2012-02-14 20:00
Modified
2024-09-16 21:57
Summary
The cross-site request forgery (CSRF) protection mechanism in e107 before 0.7.23 uses a predictable random token based on the creation date of the administrator account, which allows remote attackers to hijack the authentication of administrators for requests that add new users via e107_admin/users.php.
References
URL | Tags |
---|---|
http://www.madirish.net/?article=471 | x_refsource_MISC | |
http://e107.org/comment.php?comment.news.872 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id?1024351 | vdb-entry, x_refsource_SECTRACK | |
http://secunia.com/advisories/41034 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T04:09:38.960Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.madirish.net/?article=471" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://e107.org/comment.php?comment.news.872" }, { "name": "1024351", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1024351" }, { "name": "41034", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/41034" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The cross-site request forgery (CSRF) protection mechanism in e107 before 0.7.23 uses a predictable random token based on the creation date of the administrator account, which allows remote attackers to hijack the authentication of administrators for requests that add new users via e107_admin/users.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-02-14T20:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.madirish.net/?article=471" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://e107.org/comment.php?comment.news.872" }, { "name": "1024351", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1024351" }, { "name": "41034", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/41034" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-5084", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The cross-site request forgery (CSRF) protection mechanism in e107 before 0.7.23 uses a predictable random token based on the creation date of the administrator account, which allows remote attackers to hijack the authentication of administrators for requests that add new users via e107_admin/users.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.madirish.net/?article=471", "refsource": "MISC", "url": "http://www.madirish.net/?article=471" }, { "name": "http://e107.org/comment.php?comment.news.872", "refsource": "CONFIRM", "url": "http://e107.org/comment.php?comment.news.872" }, { "name": "1024351", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1024351" }, { "name": "41034", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/41034" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-5084", "datePublished": "2012-02-14T20:00:00Z", "dateReserved": "2012-02-14T00:00:00Z", "dateUpdated": "2024-09-16T21:57:25.283Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-2590
Vulnerability from cvelistv5
Published
2006-05-25 10:00
Modified
2024-08-07 17:58
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in e107 before 0.7.5 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.
References
| URL | Tags |
|---|---|
| http://secunia.com/advisories/20262 | third-party-advisory, x_refsource_SECUNIA |
| http://e107.org/comment.php?comment.news.788 | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2006/1963 | vdb-entry, x_refsource_VUPEN |
| http://www.osvdb.org/25739 | vdb-entry, x_refsource_OSVDB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:58:51.014Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20262", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20262" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://e107.org/comment.php?comment.news.788" }, { "name": "ADV-2006-1963", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/1963" }, { "name": "25739", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/25739" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-05-24T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in e107 before 0.7.5 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2006-06-23T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20262", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20262" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://e107.org/comment.php?comment.news.788" }, { "name": "ADV-2006-1963", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/1963" }, { "name": "25739", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/25739" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-2590", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in e107 before 0.7.5 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20262", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20262" }, { "name": "http://e107.org/comment.php?comment.news.788", "refsource": "CONFIRM", "url": "http://e107.org/comment.php?comment.news.788" }, { "name": "ADV-2006-1963", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1963" }, { "name": "25739", "refsource": "OSVDB", "url": "http://www.osvdb.org/25739" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-2590", "datePublished": "2006-05-25T10:00:00", "dateReserved": "2006-05-25T00:00:00", "dateUpdated": "2024-08-07T17:58:51.014Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-6114
Vulnerability from cvelistv5
Published
2009-02-11 17:25
Modified
2024-08-07 11:20
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in product_details.php in the Mytipper Zogo-shop 1.15.4 plugin for e107 allows remote attackers to execute arbitrary SQL commands via the product parameter.
References
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/7184 | exploit, x_refsource_EXPLOIT-DB |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/46784 | vdb-entry, x_refsource_XF |
| http://secunia.com/advisories/32795 | third-party-advisory, x_refsource_SECUNIA |
| http://www.securityfocus.com/bid/32423 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T11:20:25.173Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "7184", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/7184" }, { "name": "zogoshop-productdetails-sql-injection(46784)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46784" }, { "name": "32795", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32795" }, { "name": "32423", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/32423" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-11-22T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in product_details.php in the Mytipper Zogo-shop 1.15.4 plugin for e107 allows remote attackers to execute arbitrary SQL commands via the product parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "7184", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/7184" }, { "name": "zogoshop-productdetails-sql-injection(46784)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46784" }, { "name": "32795", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32795" }, { "name": "32423", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/32423" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-6114", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in product_details.php in the Mytipper Zogo-shop 1.15.4 plugin for e107 allows remote attackers to execute arbitrary SQL commands via the product parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "7184", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/7184" }, { "name": "zogoshop-productdetails-sql-injection(46784)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46784" }, { "name": "32795", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32795" }, { "name": "32423", "refsource": "BID", "url": "http://www.securityfocus.com/bid/32423" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-6114", "datePublished": "2009-02-11T17:25:00", "dateReserved": "2009-02-11T00:00:00", "dateUpdated": "2024-08-07T11:20:25.173Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2004-2028
Vulnerability from cvelistv5
Published
2005-05-10 04:00
Modified
2024-08-08 01:15
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in stats.php in e107 allows remote attackers to inject arbitrary web script or HTML via the referer parameter to log.php.
References
| URL | Tags |
|---|---|
| http://secunia.com/advisories/11693 | third-party-advisory, x_refsource_SECUNIA |
| http://www.osvdb.org/6345 | vdb-entry, x_refsource_OSVDB |
| http://marc.info/?l=bugtraq&m=108515632622796&w=2 | mailing-list, x_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/10395 | vdb-entry, x_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/16231 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:15:01.204Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "11693", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/11693" }, { "name": "6345", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/6345" }, { "name": "20040521 e107 web portal Referers HTTP Injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=108515632622796\u0026w=2" }, { "name": "10395", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/10395" }, { "name": "e107-log-xss(16231)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16231" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-05-21T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in stats.php in e107 allows remote attackers to inject arbitrary web script or HTML via the referer parameter to log.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "11693", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/11693" }, { "name": "6345", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/6345" }, { "name": "20040521 e107 web portal Referers HTTP Injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=108515632622796\u0026w=2" }, { "name": "10395", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/10395" }, { "name": "e107-log-xss(16231)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16231" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-2028", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in stats.php in e107 allows remote attackers to inject arbitrary web script or HTML via the referer parameter to log.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "11693", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/11693" }, { "name": "6345", "refsource": "OSVDB", "url": "http://www.osvdb.org/6345" }, { "name": "20040521 e107 web portal Referers HTTP Injection", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=108515632622796\u0026w=2" }, { "name": "10395", "refsource": "BID", "url": "http://www.securityfocus.com/bid/10395" }, { "name": "e107-log-xss(16231)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16231" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-2028", "datePublished": "2005-05-10T04:00:00", "dateReserved": "2005-05-04T00:00:00", "dateUpdated": "2024-08-08T01:15:01.204Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-4921
Vulnerability from cvelistv5
Published
2012-01-04 19:00
Modified
2024-08-07 00:23
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in usersettings.php in e107 0.7.26, and possibly other versions before 1.0.0, allows remote attackers to execute arbitrary SQL commands via the username parameter.
References
| URL | Tags |
|---|---|
| http://secunia.com/advisories/46706 | third-party-advisory, x_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/72011 | vdb-entry, x_refsource_XF |
| http://osvdb.org/78050 | vdb-entry, x_refsource_OSVDB |
| http://www.securityfocus.com/bid/51253 | vdb-entry, x_refsource_BID |
| http://www.openwall.com/lists/oss-security/2012/01/04/3 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:23:38.539Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "46706", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/46706" }, { "name": "e107inc-usersettings-sql-injection(72011)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72011" }, { "name": "78050", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/78050" }, { "name": "51253", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/51253" }, { "name": "[oss-security] 20120104 Re: CVE-request: Multiple e107 vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/01/04/3" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-12-28T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in usersettings.php in e107 0.7.26, and possibly other versions before 1.0.0, allows remote attackers to execute arbitrary SQL commands via the username parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "46706", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/46706" }, { "name": "e107inc-usersettings-sql-injection(72011)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72011" }, { "name": "78050", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/78050" }, { "name": "51253", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/51253" }, { "name": "[oss-security] 20120104 Re: CVE-request: Multiple e107 vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/01/04/3" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-4921", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in usersettings.php in e107 0.7.26, and possibly other versions before 1.0.0, allows remote attackers to execute arbitrary SQL commands via the username parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "46706", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/46706" }, { "name": "e107inc-usersettings-sql-injection(72011)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72011" }, { "name": "78050", "refsource": "OSVDB", "url": "http://osvdb.org/78050" }, { "name": "51253", "refsource": "BID", "url": "http://www.securityfocus.com/bid/51253" }, { "name": "[oss-security] 20120104 Re: CVE-request: Multiple e107 vulnerabilities", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/01/04/3" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-4921", "datePublished": "2012-01-04T19:00:00", "dateReserved": "2011-12-23T00:00:00", "dateUpdated": "2024-08-07T00:23:38.539Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-1409
Vulnerability from cvelistv5
Published
2009-04-24 14:00
Modified
2024-08-07 05:13
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in usersettings.php in e107 0.7.15 and earlier, when "Extended User Fields" is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the hide parameter, a different vector than CVE-2005-4224 and CVE-2008-5320.
References
| URL | Tags |
|---|---|
| http://secunia.com/advisories/34823 | third-party-advisory, x_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/49981 | vdb-entry, x_refsource_XF |
| http://osvdb.org/53812 | vdb-entry, x_refsource_OSVDB |
| https://www.exploit-db.com/exploits/8495 | exploit, x_refsource_EXPLOIT-DB |
| http://www.securityfocus.com/bid/34614 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:13:25.517Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "34823", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34823" }, { "name": "e107-hide-sql-injection(49981)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49981" }, { "name": "53812", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/53812" }, { "name": "8495", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/8495" }, { "name": "34614", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/34614" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-04-20T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in usersettings.php in e107 0.7.15 and earlier, when \"Extended User Fields\" is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the hide parameter, a different vector than CVE-2005-4224 and CVE-2008-5320." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "34823", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34823" }, { "name": "e107-hide-sql-injection(49981)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49981" }, { "name": "53812", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/53812" }, { "name": "8495", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/8495" }, { "name": "34614", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/34614" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-1409", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in usersettings.php in e107 0.7.15 and earlier, when \"Extended User Fields\" is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the hide parameter, a different vector than CVE-2005-4224 and CVE-2008-5320." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "34823", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34823" }, { "name": "e107-hide-sql-injection(49981)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49981" }, { "name": "53812", "refsource": "OSVDB", "url": "http://osvdb.org/53812" }, { "name": "8495", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/8495" }, { "name": "34614", "refsource": "BID", "url": "http://www.securityfocus.com/bid/34614" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-1409", "datePublished": "2009-04-24T14:00:00", "dateReserved": "2009-04-24T00:00:00", "dateUpdated": "2024-08-07T05:13:25.517Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-4757
Vulnerability from cvelistv5
Published
2006-09-13 23:00
Modified
2024-08-07 19:23
Severity ?
EPSS score ?
Summary
Multiple SQL injection vulnerabilities in the admin section in e107 0.7.5 allow remote authenticated administrative users to execute arbitrary SQL commands via the (1) linkopentype, (2) linkrender, (3) link_class, and (4) link_id parameters in (a) links.php; the (5) searchquery parameter in (b) users.php; and the (6) download_category_class parameter in (c) download.php. NOTE: an e107 developer has disputed the significance of the vulnerability, stating that "If your admins are injecting you, you might want to reconsider their access."
References
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/1569 | third-party-advisory, x_refsource_SREASON |
| http://www.securityfocus.com/archive/1/445005/100/100/threaded | mailing-list, x_refsource_BUGTRAQ |
| http://e107.org/e107_plugins/bugtrack/bugtrack.php?id=3195&action=show | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T19:23:41.255Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1569", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/1569" }, { "name": "20060901 Sql injections in e107 [Admin section]", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/445005/100/100/threaded" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://e107.org/e107_plugins/bugtrack/bugtrack.php?id=3195\u0026action=show" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-09-01T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple SQL injection vulnerabilities in the admin section in e107 0.7.5 allow remote authenticated administrative users to execute arbitrary SQL commands via the (1) linkopentype, (2) linkrender, (3) link_class, and (4) link_id parameters in (a) links.php; the (5) searchquery parameter in (b) users.php; and the (6) download_category_class parameter in (c) download.php. 
NOTE: an e107 developer has disputed the significance of the vulnerability, stating that \"If your admins are injecting you, you might want to reconsider their access.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1569", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/1569" }, { "name": "20060901 Sql injections in e107 [Admin section]", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/445005/100/100/threaded" }, { "tags": [ "x_refsource_MISC" ], "url": "http://e107.org/e107_plugins/bugtrack/bugtrack.php?id=3195\u0026action=show" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-4757", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple SQL injection vulnerabilities in the admin section in e107 0.7.5 allow remote authenticated administrative users to execute arbitrary SQL commands via the (1) linkopentype, (2) linkrender, (3) link_class, and (4) link_id parameters in (a) links.php; the (5) searchquery parameter in (b) users.php; and the (6) download_category_class parameter in (c) download.php. 
NOTE: an e107 developer has disputed the significance of the vulnerability, stating that \"If your admins are injecting you, you might want to reconsider their access.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1569", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1569" }, { "name": "20060901 Sql injections in e107 [Admin section]", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/445005/100/100/threaded" }, { "name": "http://e107.org/e107_plugins/bugtrack/bugtrack.php?id=3195\u0026action=show", "refsource": "MISC", "url": "http://e107.org/e107_plugins/bugtrack/bugtrack.php?id=3195\u0026action=show" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-4757", "datePublished": "2006-09-13T23:00:00", "dateReserved": "2006-09-13T00:00:00", "dateUpdated": "2024-08-07T19:23:41.255Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-17423
Vulnerability from cvelistv5
Published
2019-06-19 16:38
Modified
2024-08-05 10:47
Severity ?
EPSS score ?
Summary
An issue was discovered in e107 v2.1.9. There is an XSS vulnerability in e107_admin/comment.php.
References
| URL | Tags |
|---|---|
| https://github.com/e107inc/e107/issues/3414 | x_refsource_MISC |
| https://github.com/Kiss-sh0t/e107_v2.1.9_XSS_poc | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T10:47:04.510Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/e107inc/e107/issues/3414" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/Kiss-sh0t/e107_v2.1.9_XSS_poc" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in e107 v2.1.9. There is a XSS attack on e107_admin/comment.php." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-06-19T16:38:15", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/e107inc/e107/issues/3414" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/Kiss-sh0t/e107_v2.1.9_XSS_poc" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-17423", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in e107 v2.1.9. There is a XSS attack on e107_admin/comment.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/e107inc/e107/issues/3414", "refsource": "MISC", "url": "https://github.com/e107inc/e107/issues/3414" }, { "name": "https://github.com/Kiss-sh0t/e107_v2.1.9_XSS_poc", "refsource": "MISC", "url": "https://github.com/Kiss-sh0t/e107_v2.1.9_XSS_poc" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-17423", "datePublished": "2019-06-19T16:38:15", "dateReserved": "2018-09-23T00:00:00", "dateUpdated": "2024-08-05T10:47:04.510Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-1513
Vulnerability from cvelistv5
Published
2011-11-04 21:00
Modified
2024-08-06 22:28
Severity ?
EPSS score ?
Summary
Static code injection vulnerability in install_.php in e107 CMS 0.7.24 and probably earlier versions, when the installation script is not removed, allows remote attackers to inject arbitrary PHP code into e107_config.php via a crafted MySQL server name.
References
URL | Tags | |
---|---|---|
http://www.coresecurity.com/content/e107-cms-script-command-injection | x_refsource_MISC | |
http://www.securityfocus.com/bid/50339 | vdb-entry, x_refsource_BID | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/70921 | vdb-entry, x_refsource_XF | |
http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.8/install_.php?r1=11931&r2=12376&pathrev=12376 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:28:41.931Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.coresecurity.com/content/e107-cms-script-command-injection" }, { "name": "50339", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/50339" }, { "name": "e107-cmd-command-execution(70921)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70921" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.8/install_.php?r1=11931\u0026r2=12376\u0026pathrev=12376" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-10-24T00:00:00", "descriptions": [ { "lang": "en", "value": "Static code injection vulnerability in install_.php in e107 CMS 0.7.24 and probably earlier versions, when the installation script is not removed, allows remote attackers to inject arbitrary PHP code into e107_config.php via a crafted MySQL server name." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.coresecurity.com/content/e107-cms-script-command-injection" }, { "name": "50339", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/50339" }, { "name": "e107-cmd-command-execution(70921)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70921" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.8/install_.php?r1=11931\u0026r2=12376\u0026pathrev=12376" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-1513", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Static code injection vulnerability in install_.php in e107 CMS 0.7.24 and probably earlier versions, when the installation script is not removed, allows remote attackers to inject arbitrary PHP code into e107_config.php via a crafted MySQL server name." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.coresecurity.com/content/e107-cms-script-command-injection", "refsource": "MISC", "url": "http://www.coresecurity.com/content/e107-cms-script-command-injection" }, { "name": "50339", "refsource": "BID", "url": "http://www.securityfocus.com/bid/50339" }, { "name": "e107-cmd-command-execution(70921)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70921" }, { "name": "http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.8/install_.php?r1=11931\u0026r2=12376\u0026pathrev=12376", "refsource": "CONFIRM", "url": "http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.8/install_.php?r1=11931\u0026r2=12376\u0026pathrev=12376" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-1513", "datePublished": "2011-11-04T21:00:00", "dateReserved": "2011-03-23T00:00:00", "dateUpdated": "2024-08-06T22:28:41.931Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-2750
Vulnerability from cvelistv5
Published
2014-01-22 19:00
Modified
2024-08-06 15:44
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in e107_plugins/content/handlers/content_preset.php in e107 before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the query string.
References
URL | Tags | |
---|---|---|
https://www.secuvera.de/advisories/TC-SA-2013-01.txt | x_refsource_MISC | |
http://sourceforge.net/p/e107/svn/13079 | x_refsource_CONFIRM | |
http://www.securityfocus.com/archive/1/526168 | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T15:44:33.685Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.secuvera.de/advisories/TC-SA-2013-01.txt" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/p/e107/svn/13079" }, { "name": "20130403 TC-SA-2013-01: Reflected Cross-Site-Scripting (XSS) vulnerability in e107 CMS v1.0.2", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/526168" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-04-03T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in e107_plugins/content/handlers/content_preset.php in e107 before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the query string." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-01-22T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.secuvera.de/advisories/TC-SA-2013-01.txt" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/p/e107/svn/13079" }, { "name": "20130403 TC-SA-2013-01: Reflected Cross-Site-Scripting (XSS) vulnerability in e107 CMS v1.0.2", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/526168" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-2750", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in e107_plugins/content/handlers/content_preset.php in e107 before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the query string." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.secuvera.de/advisories/TC-SA-2013-01.txt", "refsource": "MISC", "url": "https://www.secuvera.de/advisories/TC-SA-2013-01.txt" }, { "name": "http://sourceforge.net/p/e107/svn/13079", "refsource": "CONFIRM", "url": "http://sourceforge.net/p/e107/svn/13079" }, { "name": "20130403 TC-SA-2013-01: Reflected Cross-Site-Scripting (XSS) vulnerability in e107 CMS v1.0.2", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/526168" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-2750", "datePublished": "2014-01-22T19:00:00", "dateReserved": "2013-04-02T00:00:00", "dateUpdated": "2024-08-06T15:44:33.685Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-4920
Vulnerability from cvelistv5
Published
2012-01-04 19:00
Modified
2024-08-07 00:23
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.26, and other versions before 1.0.0, allow remote attackers to inject arbitrary web script or HTML via (1) the URL to e107_images/thumb.php or (2) rate.php, (3) the resend_name parameter to e107_admin/users.php, and (4) link BBCode in user signatures.
References
URL | Tags | |
---|---|---|
http://osvdb.org/78049 | vdb-entry, x_refsource_OSVDB | |
http://secunia.com/advisories/46706 | third-party-advisory, x_refsource_SECUNIA | |
http://osvdb.org/78047 | vdb-entry, x_refsource_OSVDB | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/72010 | vdb-entry, x_refsource_XF | |
http://osvdb.org/78048 | vdb-entry, x_refsource_OSVDB | |
http://www.securityfocus.com/bid/51253 | vdb-entry, x_refsource_BID | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/72104 | vdb-entry, x_refsource_XF | |
http://www.openwall.com/lists/oss-security/2012/01/04/3 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:23:38.581Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "78049", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/78049" }, { "name": "46706", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/46706" }, { "name": "78047", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/78047" }, { "name": "e107inc-multiple-xss(72010)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72010" }, { "name": "78048", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/78048" }, { "name": "51253", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/51253" }, { "name": "e107inc-usersignatures-xss(72104)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72104" }, { "name": "[oss-security] 20120104 Re: CVE-request: Multiple e107 vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/01/04/3" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-12-28T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.26, and other versions before 1.0.0, allow remote attackers to inject arbitrary web script or HTML via the URL to (1) e107_images/thumb.php or (2) rate.php, (3) resend_name parameter to e107_admin/users.php, and (4) link BBCode in user signatures." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "78049", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/78049" }, { "name": "46706", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/46706" }, { "name": "78047", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/78047" }, { "name": "e107inc-multiple-xss(72010)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72010" }, { "name": "78048", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/78048" }, { "name": "51253", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/51253" }, { "name": "e107inc-usersignatures-xss(72104)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72104" }, { "name": "[oss-security] 20120104 Re: CVE-request: Multiple e107 vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/01/04/3" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-4920", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.26, and other versions before 1.0.0, allow remote attackers to inject arbitrary web script or HTML via the URL to (1) e107_images/thumb.php or (2) rate.php, (3) 
resend_name parameter to e107_admin/users.php, and (4) link BBCode in user signatures." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "78049", "refsource": "OSVDB", "url": "http://osvdb.org/78049" }, { "name": "46706", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/46706" }, { "name": "78047", "refsource": "OSVDB", "url": "http://osvdb.org/78047" }, { "name": "e107inc-multiple-xss(72010)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72010" }, { "name": "78048", "refsource": "OSVDB", "url": "http://osvdb.org/78048" }, { "name": "51253", "refsource": "BID", "url": "http://www.securityfocus.com/bid/51253" }, { "name": "e107inc-usersignatures-xss(72104)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72104" }, { "name": "[oss-security] 20120104 Re: CVE-request: Multiple e107 vulnerabilities", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/01/04/3" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-4920", "datePublished": "2012-01-04T19:00:00", "dateReserved": "2011-12-23T00:00:00", "dateUpdated": "2024-08-07T00:23:38.581Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2004-2040
Vulnerability from cvelistv5
Published
2005-05-10 04:00
Modified
2024-08-08 01:15
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in e107 0.615 allow remote attackers to inject arbitrary web script or HTML via the (1) LAN_407 parameter to clock_menu.php, (2) "email article to a friend" field, (3) "submit news" field, or (4) avmsg parameter to usersettings.php.
References
URL | Tags | |
---|---|---|
http://www.osvdb.org/6529 | vdb-entry, x_refsource_OSVDB | |
http://www.waraxe.us/index.php?modname=sa&id=31 | x_refsource_MISC | |
http://www.securityfocus.com/bid/10436 | vdb-entry, x_refsource_BID | |
http://www.osvdb.org/6527 | vdb-entry, x_refsource_OSVDB | |
http://www.osvdb.org/6528 | vdb-entry, x_refsource_OSVDB | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/16279 | vdb-entry, x_refsource_XF | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/16280 | vdb-entry, x_refsource_XF | |
http://secunia.com/advisories/11740 | third-party-advisory, x_refsource_SECUNIA | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/16281 | vdb-entry, x_refsource_XF | |
http://www.osvdb.org/6526 | vdb-entry, x_refsource_OSVDB | |
http://marc.info/?l=bugtraq&m=108588043007224&w=2 | mailing-list, x_refsource_BUGTRAQ | |
http://marc.info/?l=full-disclosure&m=108586723116427&w=2 | mailing-list, x_refsource_FULLDISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:15:01.244Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "6529", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/6529" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.waraxe.us/index.php?modname=sa\u0026id=31" }, { "name": "10436", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/10436" }, { "name": "6527", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/6527" }, { "name": "6528", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/6528" }, { "name": "e107-clock-menu-xss(16279)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16279" }, { "name": "e107-email-friend-xss(16280)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16280" }, { "name": "11740", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/11740" }, { "name": "e107-user-setting-xss(16281)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16281" }, { "name": "6526", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/6526" }, { "name": "20040529 [waraxe-2004-SA#031 - Multiple vulnerabilities in e107 version 0.615]", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=108588043007224\u0026w=2" }, { "name": "20040529 [waraxe-2004-SA#031 - Multiple vulnerabilities in e107 version 0.615]", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": 
"http://marc.info/?l=full-disclosure\u0026m=108586723116427\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-05-29T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in e107 0.615 allow remote attackers to inject arbitrary web script or HTML via the (1) LAN_407 parameter to clock_menu.php, (2) \"email article to a friend\" field, (3) \"submit news\" field, or (4) avmsg parameter to usersettings.php." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "6529", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/6529" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.waraxe.us/index.php?modname=sa\u0026id=31" }, { "name": "10436", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/10436" }, { "name": "6527", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/6527" }, { "name": "6528", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/6528" }, { "name": "e107-clock-menu-xss(16279)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16279" }, { "name": "e107-email-friend-xss(16280)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16280" }, { "name": "11740", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/11740" }, { "name": "e107-user-setting-xss(16281)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16281" }, { "name": "6526", "tags": 
[ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/6526" }, { "name": "20040529 [waraxe-2004-SA#031 - Multiple vulnerabilities in e107 version 0.615]", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=108588043007224\u0026w=2" }, { "name": "20040529 [waraxe-2004-SA#031 - Multiple vulnerabilities in e107 version 0.615]", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://marc.info/?l=full-disclosure\u0026m=108586723116427\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-2040", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in e107 0.615 allow remote attackers to inject arbitrary web script or HTML via the (1) LAN_407 parameter to clock_menu.php, (2) \"email article to a friend\" field, (3) \"submit news\" field, or (4) avmsg parameter to usersettings.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "6529", "refsource": "OSVDB", "url": "http://www.osvdb.org/6529" }, { "name": "http://www.waraxe.us/index.php?modname=sa\u0026id=31", "refsource": "MISC", "url": "http://www.waraxe.us/index.php?modname=sa\u0026id=31" }, { "name": "10436", "refsource": "BID", "url": "http://www.securityfocus.com/bid/10436" }, { "name": "6527", "refsource": "OSVDB", "url": "http://www.osvdb.org/6527" }, { "name": "6528", "refsource": "OSVDB", "url": "http://www.osvdb.org/6528" }, { "name": "e107-clock-menu-xss(16279)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16279" }, { "name": "e107-email-friend-xss(16280)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16280" }, { "name": "11740", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/11740" }, { "name": "e107-user-setting-xss(16281)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16281" }, { "name": "6526", "refsource": "OSVDB", "url": "http://www.osvdb.org/6526" }, { "name": "20040529 [waraxe-2004-SA#031 - Multiple vulnerabilities in e107 version 0.615]", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=108588043007224\u0026w=2" }, { "name": "20040529 [waraxe-2004-SA#031 - Multiple vulnerabilities in e107 version 0.615]", "refsource": "FULLDISC", "url": "http://marc.info/?l=full-disclosure\u0026m=108586723116427\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-2040", "datePublished": "2005-05-10T04:00:00", "dateReserved": "2005-05-04T00:00:00", "dateUpdated": "2024-08-08T01:15:01.244Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-4906
Vulnerability from cvelistv5
Published
2008-11-04 00:00
Modified
2024-08-07 10:31
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in lyrics_song.php in the Lyrics (lyrics_menu) plugin 0.42 for e107 allows remote attackers to execute arbitrary SQL commands via the l_id parameter. NOTE: some of these details are obtained from third party information.
References
▼ | URL | Tags |
---|---|---|
https://www.exploit-db.com/exploits/6885 | exploit, x_refsource_EXPLOIT-DB | |
http://www.securityfocus.com/bid/32004 | vdb-entry, x_refsource_BID | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/46236 | vdb-entry, x_refsource_XF | |
http://securityreason.com/securityalert/4551 | third-party-advisory, x_refsource_SREASON | |
http://secunia.com/advisories/32477 | third-party-advisory, x_refsource_SECUNIA | |
http://z0rlu.blogspot.com/2008/10/e107-plugin-lyricsmenu-lyricssongphp.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T10:31:28.236Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "6885", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/6885" }, { "name": "32004", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/32004" }, { "name": "lyrics-lyricssong-sql-injection(46236)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46236" }, { "name": "4551", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/4551" }, { "name": "32477", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32477" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://z0rlu.blogspot.com/2008/10/e107-plugin-lyricsmenu-lyricssongphp.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-10-31T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in lyrics_song.php in the Lyrics (lyrics_menu) plugin 0.42 for e107 allows remote attackers to execute arbitrary SQL commands via the l_id parameter. NOTE: some of these details are obtained from third party information." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "6885", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/6885" }, { "name": "32004", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/32004" }, { "name": "lyrics-lyricssong-sql-injection(46236)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46236" }, { "name": "4551", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/4551" }, { "name": "32477", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32477" }, { "tags": [ "x_refsource_MISC" ], "url": "http://z0rlu.blogspot.com/2008/10/e107-plugin-lyricsmenu-lyricssongphp.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-4906", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in lyrics_song.php in the Lyrics (lyrics_menu) plugin 0.42 for e107 allows remote attackers to execute arbitrary SQL commands via the l_id parameter. NOTE: some of these details are obtained from third party information." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "6885", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/6885" }, { "name": "32004", "refsource": "BID", "url": "http://www.securityfocus.com/bid/32004" }, { "name": "lyrics-lyricssong-sql-injection(46236)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46236" }, { "name": "4551", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/4551" }, { "name": "32477", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32477" }, { "name": "http://z0rlu.blogspot.com/2008/10/e107-plugin-lyricsmenu-lyricssongphp.html", "refsource": "MISC", "url": "http://z0rlu.blogspot.com/2008/10/e107-plugin-lyricsmenu-lyricssongphp.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-4906", "datePublished": "2008-11-04T00:00:00", "dateReserved": "2008-11-03T00:00:00", "dateUpdated": "2024-08-07T10:31:28.236Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-6208
Vulnerability from cvelistv5
Published
2009-02-20 01:00
Modified
2024-08-07 11:20
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in submitnews.php in e107 CMS 0.7.11 allows remote attackers to inject arbitrary web script or HTML via the (1) author_name, (2) itemtitle, and (3) item parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/42248 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/bid/28982 | vdb-entry, x_refsource_BID | |
http://www.juniper.net/security/auto/vulnerabilities/vuln28982.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T11:20:25.555Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "e107-submitnews-xss(42248)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42248" }, { "name": "28982", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/28982" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.juniper.net/security/auto/vulnerabilities/vuln28982.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-04-29T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in submitnews.php in e107 CMS 0.7.11 allows remote attackers to inject arbitrary web script or HTML via the (1) author_name, (2) itemtitle, and (3) item parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "e107-submitnews-xss(42248)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42248" }, { "name": "28982", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/28982" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.juniper.net/security/auto/vulnerabilities/vuln28982.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-6208", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in submitnews.php in e107 CMS 0.7.11 allows remote attackers to inject arbitrary web script or HTML via the (1) author_name, (2) itemtitle, and (3) item parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "e107-submitnews-xss(42248)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42248" }, { "name": "28982", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28982" }, { "name": "http://www.juniper.net/security/auto/vulnerabilities/vuln28982.html", "refsource": "MISC", "url": "http://www.juniper.net/security/auto/vulnerabilities/vuln28982.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-6208", "datePublished": "2009-02-20T01:00:00", "dateReserved": "2009-02-19T00:00:00", "dateUpdated": "2024-08-07T11:20:25.555Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-4084
Vulnerability from cvelistv5
Published
2009-11-27 20:45
Modified
2024-08-07 06:54
Summary
SQL injection vulnerability in the search feature in e107 0.7.16 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
URL | Tags |
---|---|
http://www.securityfocus.com/archive/1/508007/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://blog.bkis.com/e107-multiple-vulnerabilities/ | x_refsource_MISC | |
http://www.securityfocus.com/bid/37087 | vdb-entry, x_refsource_BID | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/54373 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T06:54:08.611Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20091123 [Bkis-13-2009] e107 Multiple Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/508007/100/0/threaded" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://blog.bkis.com/e107-multiple-vulnerabilities/" }, { "name": "37087", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/37087" }, { "name": "e107-search-sql-injection(54373)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54373" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-11-23T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in the search feature in e107 0.7.16 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-10T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20091123 [Bkis-13-2009] e107 Multiple Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/508007/100/0/threaded" }, { "tags": [ "x_refsource_MISC" ], "url": "http://blog.bkis.com/e107-multiple-vulnerabilities/" }, { "name": "37087", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/37087" }, { "name": "e107-search-sql-injection(54373)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54373" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-4084", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in the search feature in e107 0.7.16 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20091123 [Bkis-13-2009] e107 Multiple Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/508007/100/0/threaded" }, { "name": "http://blog.bkis.com/e107-multiple-vulnerabilities/", "refsource": "MISC", "url": "http://blog.bkis.com/e107-multiple-vulnerabilities/" }, { "name": "37087", "refsource": "BID", "url": "http://www.securityfocus.com/bid/37087" }, { "name": "e107-search-sql-injection(54373)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54373" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-4084", "datePublished": "2009-11-27T20:45:00", "dateReserved": "2009-11-27T00:00:00", "dateUpdated": "2024-08-07T06:54:08.611Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-2098
Vulnerability from cvelistv5
Published
2010-05-27 22:00
Modified
2024-08-07 02:17
Summary
Incomplete blacklist vulnerability in usersettings.php in e107 0.7.20 and earlier allows remote attackers to conduct SQL injection attacks via the loginname parameter.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T02:17:14.504Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://php-security.org/2010/05/15/mops-2010-029-cmsqlite-c-parameter-sql-injection-vulnerability/index.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.7/usersettings.php?r1=11521\u0026r2=11538" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.7/usersettings.php?r1=11538\u0026r2=11541" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-05-16T00:00:00", "descriptions": [ { "lang": "en", "value": "Incomplete blacklist vulnerability in usersettings.php in e107 0.7.20 and earlier allows remote attackers to conduct SQL injection attacks via the loginname parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-12-13T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://php-security.org/2010/05/15/mops-2010-029-cmsqlite-c-parameter-sql-injection-vulnerability/index.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.7/usersettings.php?r1=11521\u0026r2=11538" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.7/usersettings.php?r1=11538\u0026r2=11541" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-2098", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Incomplete blacklist vulnerability in usersettings.php in e107 0.7.20 and earlier allows remote attackers to conduct SQL injection attacks via the loginname parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://php-security.org/2010/05/15/mops-2010-029-cmsqlite-c-parameter-sql-injection-vulnerability/index.html", "refsource": "MISC", "url": "http://php-security.org/2010/05/15/mops-2010-029-cmsqlite-c-parameter-sql-injection-vulnerability/index.html" }, { "name": "http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.7/usersettings.php?r1=11521\u0026r2=11538", "refsource": "CONFIRM", "url": "http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.7/usersettings.php?r1=11521\u0026r2=11538" }, { "name": "http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.7/usersettings.php?r1=11538\u0026r2=11541", "refsource": "CONFIRM", "url": "http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.7/usersettings.php?r1=11538\u0026r2=11541" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-2098", "datePublished": "2010-05-27T22:00:00", "dateReserved": "2010-05-27T00:00:00", "dateUpdated": "2024-08-07T02:17:14.504Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2004-2041
Vulnerability from cvelistv5
Published
2005-05-10 04:00
Modified
2024-08-08 01:15
Summary
PHP remote file inclusion vulnerability in secure_img_render.php in e107 0.615 allows remote attackers to execute arbitrary PHP code by modifying the p parameter to reference a URL on a remote web server that contains the code.
References
URL | Tags |
---|---|
http://www.waraxe.us/index.php?modname=sa&id=31 | x_refsource_MISC | |
http://www.securityfocus.com/bid/10436 | vdb-entry, x_refsource_BID | |
http://secunia.com/advisories/11740 | third-party-advisory, x_refsource_SECUNIA | |
http://www.osvdb.org/6530 | vdb-entry, x_refsource_OSVDB | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/16282 | vdb-entry, x_refsource_XF | |
http://marc.info/?l=bugtraq&m=108588043007224&w=2 | mailing-list, x_refsource_BUGTRAQ | |
http://marc.info/?l=full-disclosure&m=108586723116427&w=2 | mailing-list, x_refsource_FULLDISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:15:01.220Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.waraxe.us/index.php?modname=sa\u0026id=31" }, { "name": "10436", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/10436" }, { "name": "11740", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/11740" }, { "name": "6530", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/6530" }, { "name": "e107-secure-img-render-file-include(16282)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16282" }, { "name": "20040529 [waraxe-2004-SA#031 - Multiple vulnerabilities in e107 version 0.615]", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=108588043007224\u0026w=2" }, { "name": "20040529 [waraxe-2004-SA#031 - Multiple vulnerabilities in e107 version 0.615]", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://marc.info/?l=full-disclosure\u0026m=108586723116427\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-05-29T00:00:00", "descriptions": [ { "lang": "en", "value": "PHP remote file inclusion vulnerability in secure_img_render.php in e107 0.615 allows remote attackers to execute arbitrary PHP code by modifying the p parameter to reference a URL on a remote web server that contains the code." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.waraxe.us/index.php?modname=sa\u0026id=31" }, { "name": "10436", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/10436" }, { "name": "11740", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/11740" }, { "name": "6530", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/6530" }, { "name": "e107-secure-img-render-file-include(16282)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16282" }, { "name": "20040529 [waraxe-2004-SA#031 - Multiple vulnerabilities in e107 version 0.615]", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=108588043007224\u0026w=2" }, { "name": "20040529 [waraxe-2004-SA#031 - Multiple vulnerabilities in e107 version 0.615]", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://marc.info/?l=full-disclosure\u0026m=108586723116427\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-2041", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "PHP remote file inclusion vulnerability in secure_img_render.php in e107 0.615 allows remote attackers to execute arbitrary PHP code by modifying the p parameter to reference a URL on a remote web server that contains the code." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.waraxe.us/index.php?modname=sa\u0026id=31", "refsource": "MISC", "url": "http://www.waraxe.us/index.php?modname=sa\u0026id=31" }, { "name": "10436", "refsource": "BID", "url": "http://www.securityfocus.com/bid/10436" }, { "name": "11740", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/11740" }, { "name": "6530", "refsource": "OSVDB", "url": "http://www.osvdb.org/6530" }, { "name": "e107-secure-img-render-file-include(16282)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16282" }, { "name": "20040529 [waraxe-2004-SA#031 - Multiple vulnerabilities in e107 version 0.615]", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=108588043007224\u0026w=2" }, { "name": "20040529 [waraxe-2004-SA#031 - Multiple vulnerabilities in e107 version 0.615]", "refsource": "FULLDISC", "url": "http://marc.info/?l=full-disclosure\u0026m=108586723116427\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-2041", "datePublished": "2005-05-10T04:00:00", "dateReserved": "2005-05-04T00:00:00", "dateUpdated": "2024-08-08T01:15:01.220Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-4785
Vulnerability from cvelistv5
Published
2008-10-29 14:00
Modified
2024-08-07 10:31
Summary
SQL injection vulnerability in newuser.php in the alternate_profiles plugin, possibly 0.2, for e107 allows remote attackers to execute arbitrary SQL commands via the id parameter.
References
URL | Tags |
---|---|
http://www.securityfocus.com/bid/31940 | vdb-entry, x_refsource_BID | |
http://www.vupen.com/english/advisories/2008/2940 | vdb-entry, x_refsource_VUPEN | |
http://securityreason.com/securityalert/4530 | third-party-advisory, x_refsource_SREASON | |
https://www.exploit-db.com/exploits/6849 | exploit, x_refsource_EXPLOIT-DB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T10:31:27.370Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "31940", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/31940" }, { "name": "ADV-2008-2940", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/2940" }, { "name": "4530", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/4530" }, { "name": "6849", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/6849" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-10-27T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in newuser.php in the alternate_profiles plugin, possibly 0.2, for e107 allows remote attackers to execute arbitrary SQL commands via the id parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "31940", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/31940" }, { "name": "ADV-2008-2940", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/2940" }, { "name": "4530", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/4530" }, { "name": "6849", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/6849" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-4785", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in newuser.php in the alternate_profiles plugin, possibly 0.2, for e107 allows remote attackers to execute arbitrary SQL commands via the id parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "31940", "refsource": "BID", "url": "http://www.securityfocus.com/bid/31940" }, { "name": "ADV-2008-2940", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2940" }, { "name": "4530", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/4530" }, { "name": "6849", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/6849" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-4785", "datePublished": "2008-10-29T14:00:00", "dateReserved": "2008-10-29T00:00:00", "dateUpdated": "2024-08-07T10:31:27.370Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-0857
Vulnerability from cvelistv5
Published
2006-02-23 23:00
Modified
2024-08-07 16:48
Summary
Cross-site scripting (XSS) vulnerability in Chatbox Plugin 1.0 in e107 0.7.2 allows remote attackers to inject arbitrary HTML or web script via a Chatbox, as demonstrated using a SCRIPT element.
References
URL | Tags |
---|---|
http://www.securityfocus.com/archive/1/425388/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://www.securityfocus.com/bid/16719 | vdb-entry, x_refsource_BID | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/24815 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T16:48:56.621Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20060218 e107 CMS 0.7.2 Chatbox plugin XSS vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/425388/100/0/threaded" }, { "name": "16719", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/16719" }, { "name": "e107-chatbox-xss(24815)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24815" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-02-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Chatbox Plugin 1.0 in e107 0.7.2 allows remote attackers to inject arbitrary HTML or web script via a Chatbox, as demonstrated using a SCRIPT element." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20060218 e107 CMS 0.7.2 Chatbox plugin XSS vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/425388/100/0/threaded" }, { "name": "16719", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/16719" }, { "name": "e107-chatbox-xss(24815)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24815" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-0857", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Chatbox Plugin 1.0 in e107 0.7.2 allows remote attackers to inject arbitrary HTML or web script via a Chatbox, as demonstrated using a SCRIPT element." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20060218 e107 CMS 0.7.2 Chatbox plugin XSS vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/425388/100/0/threaded" }, { "name": "16719", "refsource": "BID", "url": "http://www.securityfocus.com/bid/16719" }, { "name": "e107-chatbox-xss(24815)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24815" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-0857", "datePublished": "2006-02-23T23:00:00", "dateReserved": "2006-02-23T00:00:00", "dateUpdated": "2024-08-07T16:48:56.621Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-3444
Vulnerability from cvelistv5
Published
2009-09-28 22:00
Modified
2024-08-07 06:31
Summary
Cross-site scripting (XSS) vulnerability in email.php in e107 0.7.16 and earlier allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header in a news.1 (aka news to email) action.
References
URL | Tags |
---|---|
http://secunia.com/advisories/36832 | third-party-advisory, x_refsource_SECUNIA | |
http://websecurity.com.ua/3528 | x_refsource_MISC | |
http://osvdb.org/58363 | vdb-entry, x_refsource_OSVDB | |
http://www.securityfocus.com/bid/36517 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id?1022947 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/archive/1/506704/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T06:31:10.170Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "36832", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36832" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://websecurity.com.ua/3528" }, { "name": "58363", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/58363" }, { "name": "36517", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/36517" }, { "name": "1022947", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1022947" }, { "name": "20090924 Cross-Site Scripting vulnerability in E107", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/506704/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-09-24T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in email.php in e107 0.7.16 and earlier allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header in a news.1 (aka news to email) action." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-10T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "36832", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36832" }, { "tags": [ "x_refsource_MISC" ], "url": "http://websecurity.com.ua/3528" }, { "name": "58363", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/58363" }, { "name": "36517", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/36517" }, { "name": "1022947", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1022947" }, { "name": "20090924 Cross-Site Scripting vulnerability in E107", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/506704/100/0/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-3444", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in email.php in e107 0.7.16 and earlier allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header in a news.1 (aka news to email) action." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "36832", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36832" }, { "name": "http://websecurity.com.ua/3528", "refsource": "MISC", "url": "http://websecurity.com.ua/3528" }, { "name": "58363", "refsource": "OSVDB", "url": "http://osvdb.org/58363" }, { "name": "36517", "refsource": "BID", "url": "http://www.securityfocus.com/bid/36517" }, { "name": "1022947", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1022947" }, { "name": "20090924 Cross-Site Scripting vulnerability in E107", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/506704/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-3444", "datePublished": "2009-09-28T22:00:00", "dateReserved": "2009-09-28T00:00:00", "dateUpdated": "2024-08-07T06:31:10.170Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-3429
Vulnerability from cvelistv5
Published
2007-06-27 00:00
Modified
2024-08-07 14:14
Summary
Unrestricted file upload vulnerability in signup.php in e107 0.7.8 and earlier, when photograph upload is enabled, allows remote attackers to upload and execute arbitrary PHP code via a filename with a double extension such as .php.jpg.
References
URL | Tags |
---|---|
http://www.g00ns-forum.net/showthread.php?t=9388 | x_refsource_MISC | |
http://osvdb.org/45426 | vdb-entry, x_refsource_OSVDB | |
http://www.securityfocus.com/bid/24609 | vdb-entry, x_refsource_BID | |
https://www.exploit-db.com/exploits/4099 | exploit, x_refsource_EXPLOIT-DB | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/35022 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T14:14:13.477Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.g00ns-forum.net/showthread.php?t=9388" }, { "name": "45426", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/45426" }, { "name": "24609", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/24609" }, { "name": "4099", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/4099" }, { "name": "e107-signup-file-upload(35022)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35022" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-06-24T00:00:00", "descriptions": [ { "lang": "en", "value": "Unrestricted file upload vulnerability in signup.php in e107 0.7.8 and earlier, when photograph upload is enabled, allows remote attackers to upload and execute arbitrary PHP code via a filename with a double extension such as .php.jpg." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.g00ns-forum.net/showthread.php?t=9388" }, { "name": "45426", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/45426" }, { "name": "24609", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/24609" }, { "name": "4099", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/4099" }, { "name": "e107-signup-file-upload(35022)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35022" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-3429", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unrestricted file upload vulnerability in signup.php in e107 0.7.8 and earlier, when photograph upload is enabled, allows remote attackers to upload and execute arbitrary PHP code via a filename with a double extension such as .php.jpg." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.g00ns-forum.net/showthread.php?t=9388", "refsource": "MISC", "url": "http://www.g00ns-forum.net/showthread.php?t=9388" }, { "name": "45426", "refsource": "OSVDB", "url": "http://osvdb.org/45426" }, { "name": "24609", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24609" }, { "name": "4099", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/4099" }, { "name": "e107-signup-file-upload(35022)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35022" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-3429", "datePublished": "2007-06-27T00:00:00", "dateReserved": "2007-06-26T00:00:00", "dateUpdated": "2024-08-07T14:14:13.477Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-6433
Vulnerability from cvelistv5
Published
2013-01-03 11:00
Modified
2024-09-16 20:26
Summary
Cross-site request forgery (CSRF) vulnerability in e107_admin/newspost.php in e107 1.0.1 allows remote attackers to hijack the authentication of administrators for requests that conduct XSS attacks via the news_title parameter in a create action.
References
URL | Tags | |
---|---|---|
http://e107.org/changelog | x_refsource_CONFIRM | |
http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.7/e107_admin/newspost.php?sortdir=down&r1=12622&r2=12992&sortby=rev | x_refsource_CONFIRM | |
http://www.exploit-db.com/exploits/23828/ | exploit, x_refsource_EXPLOIT-DB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:28:39.832Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://e107.org/changelog" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.7/e107_admin/newspost.php?sortdir=down\u0026r1=12622\u0026r2=12992\u0026sortby=rev" }, { "name": "23828", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "http://www.exploit-db.com/exploits/23828/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in e107_admin/newspost.php in e107 1.0.1 allows remote attackers to hijack the authentication of administrators for requests that conduct XSS attacks via the news_title parameter in a create action." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-01-03T11:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://e107.org/changelog" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.7/e107_admin/newspost.php?sortdir=down\u0026r1=12622\u0026r2=12992\u0026sortby=rev" }, { "name": "23828", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "http://www.exploit-db.com/exploits/23828/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-6433", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site request forgery (CSRF) vulnerability in e107_admin/newspost.php in e107 1.0.1 allows remote attackers to hijack the authentication of administrators for requests that conduct XSS attacks via the news_title parameter in a create action." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://e107.org/changelog", "refsource": "CONFIRM", "url": "http://e107.org/changelog" }, { "name": "http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.7/e107_admin/newspost.php?sortdir=down\u0026r1=12622\u0026r2=12992\u0026sortby=rev", "refsource": "CONFIRM", "url": "http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.7/e107_admin/newspost.php?sortdir=down\u0026r1=12622\u0026r2=12992\u0026sortby=rev" }, { "name": "23828", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/23828/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-6433", "datePublished": "2013-01-03T11:00:00Z", "dateReserved": "2012-12-26T00:00:00Z", "dateUpdated": "2024-09-16T20:26:18.204Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-11127
Vulnerability from cvelistv5
Published
2018-05-15 17:00
Modified
2024-09-17 03:49
Summary
e107 2.1.7 has CSRF resulting in arbitrary user deletion.
References
URL | Tags | |
---|---|---|
https://github.com/e107inc/e107/issues/3128 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T08:01:51.010Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/e107inc/e107/issues/3128" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "e107 2.1.7 has CSRF resulting in arbitrary user deletion." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-15T17:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/e107inc/e107/issues/3128" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-11127", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "e107 2.1.7 has CSRF resulting in arbitrary user deletion." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/e107inc/e107/issues/3128", "refsource": "MISC", "url": "https://github.com/e107inc/e107/issues/3128" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-11127", "datePublished": "2018-05-15T17:00:00Z", "dateReserved": "2018-05-15T00:00:00Z", "dateUpdated": "2024-09-17T03:49:00.560Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10753
Vulnerability from cvelistv5
Published
2019-05-24 17:40
Modified
2024-08-06 03:30
Summary
e107 2.1.2 allows PHP Object Injection with resultant SQL injection, because usersettings.php uses unserialize without an HMAC.
References
URL | Tags | |
---|---|---|
https://demo.ripstech.com/projects/e107_2.1.2 | x_refsource_MISC | |
https://blog.ripstech.com/2016/e107-sql-injection-through-object-injection/ | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:30:20.298Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://demo.ripstech.com/projects/e107_2.1.2" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://blog.ripstech.com/2016/e107-sql-injection-through-object-injection/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "e107 2.1.2 allows PHP Object Injection with resultant SQL injection, because usersettings.php uses unserialize without an HMAC." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-05-24T17:40:34", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://demo.ripstech.com/projects/e107_2.1.2" }, { "tags": [ "x_refsource_MISC" ], "url": "https://blog.ripstech.com/2016/e107-sql-injection-through-object-injection/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10753", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "e107 2.1.2 allows PHP Object Injection with resultant SQL injection, because usersettings.php uses unserialize without an HMAC." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://demo.ripstech.com/projects/e107_2.1.2", "refsource": "MISC", "url": "https://demo.ripstech.com/projects/e107_2.1.2" }, { "name": "https://blog.ripstech.com/2016/e107-sql-injection-through-object-injection/", "refsource": "MISC", "url": "https://blog.ripstech.com/2016/e107-sql-injection-through-object-injection/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10753", "datePublished": "2019-05-24T17:40:34", "dateReserved": "2019-05-24T00:00:00", "dateUpdated": "2024-08-06T03:30:20.298Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2005-4224
Vulnerability from cvelistv5
Published
2005-12-14 11:00
Modified
2024-08-07 23:38
Summary
Multiple "potential" SQL injection vulnerabilities in e107 0.7 might allow remote attackers to execute arbitrary SQL commands via (1) the email, hideemail, image, realname, signature, timezone, and xupexist parameters in signup.php, (2) the content_comment, content_rating, and content_summary parameters in subcontent.php, (3) the download_category and file_demo in upload.php, and (4) the email, hideemail, user_timezone, and user_xup parameters in usersettings.php.
References
URL | Tags | |
---|---|---|
http://www.securityfocus.com/archive/1/419280/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://www.osvdb.org/21659 | vdb-entry, x_refsource_OSVDB | |
http://www.vupen.com/english/advisories/2005/2861 | vdb-entry, x_refsource_VUPEN | |
http://www.osvdb.org/21657 | vdb-entry, x_refsource_OSVDB | |
http://www.osvdb.org/21658 | vdb-entry, x_refsource_OSVDB | |
http://glide.stanford.edu/yichen/research/sec.pdf | x_refsource_MISC | |
http://www.osvdb.org/21660 | vdb-entry, x_refsource_OSVDB | |
http://www.securityfocus.com/archive/1/419487/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://secunia.com/advisories/18023/ | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T23:38:51.474Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20051211 [PHP-CHECKER] 99 potential SQL injection vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/419280/100/0/threaded" }, { "name": "21659", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/21659" }, { "name": "ADV-2005-2861", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2005/2861" }, { "name": "21657", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/21657" }, { "name": "21658", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/21658" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://glide.stanford.edu/yichen/research/sec.pdf" }, { "name": "21660", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/21660" }, { "name": "20051212 [PHP-CHECKER] 99 potential SQL injection vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/419487/100/0/threaded" }, { "name": "18023", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18023/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-12-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple \"potential\" SQL injection vulnerabilities in e107 0.7 might allow remote attackers to execute arbitrary SQL commands via (1) the email, hideemail, image, realname, signature, timezone, and xupexist parameters in signup.php, (2) 
the content_comment, content_rating, and content_summary parameters in subcontent.php, (3) the download_category and file_demo in upload.php, and (4) the email, hideemail, user_timezone, and user_xup parameters in usersettings.php." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-19T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20051211 [PHP-CHECKER] 99 potential SQL injection vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/419280/100/0/threaded" }, { "name": "21659", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/21659" }, { "name": "ADV-2005-2861", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2005/2861" }, { "name": "21657", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/21657" }, { "name": "21658", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/21658" }, { "tags": [ "x_refsource_MISC" ], "url": "http://glide.stanford.edu/yichen/research/sec.pdf" }, { "name": "21660", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/21660" }, { "name": "20051212 [PHP-CHECKER] 99 potential SQL injection vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/419487/100/0/threaded" }, { "name": "18023", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18023/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-4224", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": 
"MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple \"potential\" SQL injection vulnerabilities in e107 0.7 might allow remote attackers to execute arbitrary SQL commands via (1) the email, hideemail, image, realname, signature, timezone, and xupexist parameters in signup.php, (2) the content_comment, content_rating, and content_summary parameters in subcontent.php, (3) the download_category and file_demo in upload.php, and (4) the email, hideemail, user_timezone, and user_xup parameters in usersettings.php." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20051211 [PHP-CHECKER] 99 potential SQL injection vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/419280/100/0/threaded" }, { "name": "21659", "refsource": "OSVDB", "url": "http://www.osvdb.org/21659" }, { "name": "ADV-2005-2861", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2005/2861" }, { "name": "21657", "refsource": "OSVDB", "url": "http://www.osvdb.org/21657" }, { "name": "21658", "refsource": "OSVDB", "url": "http://www.osvdb.org/21658" }, { "name": "http://glide.stanford.edu/yichen/research/sec.pdf", "refsource": "MISC", "url": "http://glide.stanford.edu/yichen/research/sec.pdf" }, { "name": "21660", "refsource": "OSVDB", "url": "http://www.osvdb.org/21660" }, { "name": "20051212 [PHP-CHECKER] 99 potential SQL injection vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/419487/100/0/threaded" }, { "name": "18023", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18023/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-4224", "datePublished": "2005-12-14T11:00:00", "dateReserved": "2005-12-14T00:00:00", "dateUpdated": 
"2024-08-07T23:38:51.474Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-0996
Vulnerability from cvelistv5
Published
2010-04-20 16:00
Modified
2024-08-07 01:06
Summary
Unrestricted file upload vulnerability in e107 before 0.7.20 allows remote authenticated users to execute arbitrary code by uploading a .php.filetypesphp file. NOTE: the vendor disputes the significance of this issue, noting that "an odd set of preferences and a missing file" are required.
References
URL | Tags | |
---|---|---|
http://e107.org/svn_changelog.php?version=0.7.20 | x_refsource_MISC | |
http://www.vupen.com/english/advisories/2010/0919 | vdb-entry, x_refsource_VUPEN | |
http://www.securityfocus.com/bid/39540 | vdb-entry, x_refsource_BID | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/57932 | vdb-entry, x_refsource_XF | |
http://secunia.com/secunia_research/2010-44/ | x_refsource_MISC | |
http://e107.org/comment.php?comment.news.864 | x_refsource_CONFIRM | |
http://secunia.com/advisories/39013 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securityfocus.com/archive/1/510805/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T01:06:52.647Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://e107.org/svn_changelog.php?version=0.7.20" }, { "name": "ADV-2010-0919", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0919" }, { "name": "39540", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/39540" }, { "name": "e107-phpfiletypesphp-file-upload(57932)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57932" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://secunia.com/secunia_research/2010-44/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://e107.org/comment.php?comment.news.864" }, { "name": "39013", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/39013" }, { "name": "20100419 Secunia Research: e107 Avatar/Photograph Image File Upload Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/510805/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-04-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Unrestricted file upload vulnerability in e107 before 0.7.20 allows remote authenticated users to execute arbitrary code by uploading a .php.filetypesphp file. NOTE: the vendor disputes the significance of this issue, noting that \"an odd set of preferences and a missing file\" are required." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-10T18:57:01", "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "shortName": "flexera" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://e107.org/svn_changelog.php?version=0.7.20" }, { "name": "ADV-2010-0919", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0919" }, { "name": "39540", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/39540" }, { "name": "e107-phpfiletypesphp-file-upload(57932)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57932" }, { "tags": [ "x_refsource_MISC" ], "url": "http://secunia.com/secunia_research/2010-44/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://e107.org/comment.php?comment.news.864" }, { "name": "39013", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/39013" }, { "name": "20100419 Secunia Research: e107 Avatar/Photograph Image File Upload Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/510805/100/0/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", "ID": "CVE-2010-0996", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unrestricted file upload vulnerability in e107 before 0.7.20 allows remote authenticated users to execute arbitrary code by uploading a .php.filetypesphp file. 
NOTE: the vendor disputes the significance of this issue, noting that \"an odd set of preferences and a missing file\" are required." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://e107.org/svn_changelog.php?version=0.7.20", "refsource": "MISC", "url": "http://e107.org/svn_changelog.php?version=0.7.20" }, { "name": "ADV-2010-0919", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0919" }, { "name": "39540", "refsource": "BID", "url": "http://www.securityfocus.com/bid/39540" }, { "name": "e107-phpfiletypesphp-file-upload(57932)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57932" }, { "name": "http://secunia.com/secunia_research/2010-44/", "refsource": "MISC", "url": "http://secunia.com/secunia_research/2010-44/" }, { "name": "http://e107.org/comment.php?comment.news.864", "refsource": "CONFIRM", "url": "http://e107.org/comment.php?comment.news.864" }, { "name": "39013", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/39013" }, { "name": "20100419 Secunia Research: e107 Avatar/Photograph Image File Upload Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/510805/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "assignerShortName": "flexera", "cveId": "CVE-2010-0996", "datePublished": "2010-04-20T16:00:00", "dateReserved": "2010-03-18T00:00:00", "dateUpdated": "2024-08-07T01:06:52.647Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2005-3521
Vulnerability from cvelistv5
Published
2005-11-06 11:00
Modified
2024-08-07 23:17
Summary
SQL injection vulnerability in resetcore.php in e107 0.617 through 0.6173 allows remote attackers to execute arbitrary SQL commands, bypass authentication, and inject HTML or script via the (1) a_name parameter or (2) user field of the login page.
References
URL | Tags | |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/22780 | vdb-entry, x_refsource_XF | |
http://securitytracker.com/id?1015069 | vdb-entry, x_refsource_SECTRACK | |
http://marc.info/?l=bugtraq&m=112967223222966&w=2 | mailing-list, x_refsource_BUGTRAQ | |
http://www.osvdb.org/20070 | vdb-entry, x_refsource_OSVDB | |
http://secunia.com/advisories/17237/ | third-party-advisory, x_refsource_SECUNIA | |
http://www.securityfocus.com/bid/15125 | vdb-entry, x_refsource_BID | |
http://e107.org/news.php | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T23:17:22.736Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "e107-resetcore-sql-injection(22780)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22780" }, { "name": "1015069", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1015069" }, { "name": "20051018 e107 remote commands execution", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=112967223222966\u0026w=2" }, { "name": "20070", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/20070" }, { "name": "17237", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17237/" }, { "name": "15125", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/15125" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://e107.org/news.php" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-10-18T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in resetcore.php in e107 0.617 through 0.6173 allows remote attackers to execute arbitrary SQL commands, bypass authentication, and inject HTML or script via the (1) a_name parameter or (2) user field of the login page." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "e107-resetcore-sql-injection(22780)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22780" }, { "name": "1015069", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1015069" }, { "name": "20051018 e107 remote commands execution", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=112967223222966\u0026w=2" }, { "name": "20070", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/20070" }, { "name": "17237", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17237/" }, { "name": "15125", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/15125" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://e107.org/news.php" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-3521", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in resetcore.php in e107 0.617 through 0.6173 allows remote attackers to execute arbitrary SQL commands, bypass authentication, and inject HTML or script via the (1) a_name parameter or (2) user field of the login page." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "e107-resetcore-sql-injection(22780)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22780" }, { "name": "1015069", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015069" }, { "name": "20051018 e107 remote commands execution", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=112967223222966\u0026w=2" }, { "name": "20070", "refsource": "OSVDB", "url": "http://www.osvdb.org/20070" }, { "name": "17237", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17237/" }, { "name": "15125", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15125" }, { "name": "http://e107.org/news.php", "refsource": "CONFIRM", "url": "http://e107.org/news.php" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-3521", "datePublished": "2005-11-06T11:00:00", "dateReserved": "2005-11-06T00:00:00", "dateUpdated": "2024-08-07T23:17:22.736Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-1989
Vulnerability from cvelistv5
Published
2008-04-27 21:00
Modified
2024-08-07 08:41
Summary
PHP remote file inclusion vulnerability in 123flashchat.php in the 123 Flash Chat 6.8.0 module for e107, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the e107path parameter.
References
URL | Tags | |
---|---|---|
http://www.securityfocus.com/bid/28828 | vdb-entry, x_refsource_BID | |
https://www.exploit-db.com/exploits/5459 | exploit, x_refsource_EXPLOIT-DB | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/41867 | vdb-entry, x_refsource_XF | |
http://secunia.com/advisories/29870 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T08:41:00.140Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "28828", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/28828" }, { "name": "5459", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/5459" }, { "name": "123flashchat-e107path-file-include(41867)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41867" }, { "name": "29870", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29870" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-04-17T00:00:00", "descriptions": [ { "lang": "en", "value": "PHP remote file inclusion vulnerability in 123flashchat.php in the 123 Flash Chat 6.8.0 module for e107, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the e107path parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "28828", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/28828" }, { "name": "5459", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/5459" }, { "name": "123flashchat-e107path-file-include(41867)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41867" }, { "name": "29870", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29870" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1989", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "PHP remote file inclusion vulnerability in 123flashchat.php in the 123 Flash Chat 6.8.0 module for e107, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the e107path parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "28828", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28828" }, { "name": "5459", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/5459" }, { "name": "123flashchat-e107path-file-include(41867)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41867" }, { "name": "29870", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29870" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1989", "datePublished": "2008-04-27T21:00:00", "dateReserved": "2008-04-27T00:00:00", "dateUpdated": "2024-08-07T08:41:00.140Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2004-2042
Vulnerability from cvelistv5
Published
2005-05-10 04:00
Modified
2024-08-08 01:15
Severity ?
EPSS score ?
Summary
Multiple SQL injection vulnerabilities in e107 0.615 allow remote attackers to inject arbitrary SQL code and gain sensitive information via (1) content parameter to content.php, (2) content_id parameter to content.php, or (3) list parameter to news.php.
References
▼ | URL | Tags |
---|---|---|
http://www.osvdb.org/6532 | vdb-entry, x_refsource_OSVDB | |
http://www.osvdb.org/6531 | vdb-entry, x_refsource_OSVDB | |
http://www.waraxe.us/index.php?modname=sa&id=31 | x_refsource_MISC | |
http://www.securityfocus.com/bid/10436 | vdb-entry, x_refsource_BID | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/16283 | vdb-entry, x_refsource_XF | |
http://secunia.com/advisories/11740 | third-party-advisory, x_refsource_SECUNIA | |
http://marc.info/?l=bugtraq&m=108588043007224&w=2 | mailing-list, x_refsource_BUGTRAQ | |
http://marc.info/?l=full-disclosure&m=108586723116427&w=2 | mailing-list, x_refsource_FULLDISC | |
http://www.osvdb.org/6533 | vdb-entry, x_refsource_OSVDB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:15:01.351Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "6532", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/6532" }, { "name": "6531", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/6531" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.waraxe.us/index.php?modname=sa\u0026id=31" }, { "name": "10436", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/10436" }, { "name": "e107-content-news-sql-injection(16283)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16283" }, { "name": "11740", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/11740" }, { "name": "20040529 [waraxe-2004-SA#031 - Multiple vulnerabilities in e107 version 0.615]", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=108588043007224\u0026w=2" }, { "name": "20040529 [waraxe-2004-SA#031 - Multiple vulnerabilities in e107 version 0.615]", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://marc.info/?l=full-disclosure\u0026m=108586723116427\u0026w=2" }, { "name": "6533", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/6533" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-05-29T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple SQL injection vulnerabilities in e107 0.615 allow remote attackers to inject arbitrary SQL code and gain sensitive information via (1) content parameter to 
content.php, (2) content_id parameter to content.php, or (3) list parameter to news.php." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "6532", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/6532" }, { "name": "6531", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/6531" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.waraxe.us/index.php?modname=sa\u0026id=31" }, { "name": "10436", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/10436" }, { "name": "e107-content-news-sql-injection(16283)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16283" }, { "name": "11740", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/11740" }, { "name": "20040529 [waraxe-2004-SA#031 - Multiple vulnerabilities in e107 version 0.615]", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=108588043007224\u0026w=2" }, { "name": "20040529 [waraxe-2004-SA#031 - Multiple vulnerabilities in e107 version 0.615]", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://marc.info/?l=full-disclosure\u0026m=108586723116427\u0026w=2" }, { "name": "6533", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/6533" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-2042", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { 
"description_data": [ { "lang": "eng", "value": "Multiple SQL injection vulnerabilities in e107 0.615 allow remote attackers to inject arbitrary SQL code and gain sensitive information via (1) content parameter to content.php, (2) content_id parameter to content.php, or (3) list parameter to news.php." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "6532", "refsource": "OSVDB", "url": "http://www.osvdb.org/6532" }, { "name": "6531", "refsource": "OSVDB", "url": "http://www.osvdb.org/6531" }, { "name": "http://www.waraxe.us/index.php?modname=sa\u0026id=31", "refsource": "MISC", "url": "http://www.waraxe.us/index.php?modname=sa\u0026id=31" }, { "name": "10436", "refsource": "BID", "url": "http://www.securityfocus.com/bid/10436" }, { "name": "e107-content-news-sql-injection(16283)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16283" }, { "name": "11740", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/11740" }, { "name": "20040529 [waraxe-2004-SA#031 - Multiple vulnerabilities in e107 version 0.615]", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=108588043007224\u0026w=2" }, { "name": "20040529 [waraxe-2004-SA#031 - Multiple vulnerabilities in e107 version 0.615]", "refsource": "FULLDISC", "url": "http://marc.info/?l=full-disclosure\u0026m=108586723116427\u0026w=2" }, { "name": "6533", "refsource": "OSVDB", "url": "http://www.osvdb.org/6533" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-2042", "datePublished": "2005-05-10T04:00:00", "dateReserved": "2005-05-04T00:00:00", "dateUpdated": "2024-08-08T01:15:01.351Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-6069
Vulnerability from cvelistv5
Published
2009-02-06 01:00
Modified
2024-08-07 11:20
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in e107chat.php in the eChat plugin 4.2 for e107, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the nick parameter.
References
▼ | URL | Tags |
---|---|---|
http://secunia.com/advisories/30561 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securityfocus.com/archive/1/493126/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/42883 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T11:20:23.996Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "30561", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30561" }, { "name": "20080605 e107 Plugin echat MENU Blind SQL Injection Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/493126/100/0/threaded" }, { "name": "echat-e107chat-sql-injection(42883)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42883" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-06-05T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in e107chat.php in the eChat plugin 4.2 for e107, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the nick parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "30561", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30561" }, { "name": "20080605 e107 Plugin echat MENU Blind SQL Injection Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/493126/100/0/threaded" }, { "name": "echat-e107chat-sql-injection(42883)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42883" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-6069", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in e107chat.php in the eChat plugin 4.2 for e107, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the nick parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "30561", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30561" }, { "name": "20080605 e107 Plugin echat MENU Blind SQL Injection Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/493126/100/0/threaded" }, { "name": "echat-e107chat-sql-injection(42883)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42883" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-6069", "datePublished": "2009-02-06T01:00:00", "dateReserved": "2009-02-05T00:00:00", "dateUpdated": "2024-08-07T11:20:23.996Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-5320
Vulnerability from cvelistv5
Published
2008-12-03 19:00
Modified
2024-08-07 10:49
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in usersettings.php in e107 0.7.13 and earlier allows remote authenticated users to execute arbitrary SQL commands via the ue[] parameter.
References
▼ | URL | Tags |
---|---|---|
http://securityreason.com/securityalert/4683 | third-party-advisory, x_refsource_SREASON | |
http://www.securityfocus.com/bid/31821 | vdb-entry, x_refsource_BID | |
https://www.exploit-db.com/exploits/6791 | exploit, x_refsource_EXPLOIT-DB | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/45967 | vdb-entry, x_refsource_XF | |
http://secunia.com/advisories/32322 | third-party-advisory, x_refsource_SECUNIA | |
http://www.vupen.com/english/advisories/2008/2860 | vdb-entry, x_refsource_VUPEN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T10:49:12.036Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "4683", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/4683" }, { "name": "31821", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/31821" }, { "name": "6791", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/6791" }, { "name": "e107-usersettings-sql-injection(45967)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45967" }, { "name": "32322", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32322" }, { "name": "ADV-2008-2860", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/2860" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-10-19T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in usersettings.php in e107 0.7.13 and earlier allows remote authenticated users to execute arbitrary SQL commands via the ue[] parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "4683", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/4683" }, { "name": "31821", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/31821" }, { "name": "6791", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/6791" }, { "name": "e107-usersettings-sql-injection(45967)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45967" }, { "name": "32322", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32322" }, { "name": "ADV-2008-2860", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/2860" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-5320", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in usersettings.php in e107 0.7.13 and earlier allows remote authenticated users to execute arbitrary SQL commands via the ue[] parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "4683", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/4683" }, { "name": "31821", "refsource": "BID", "url": "http://www.securityfocus.com/bid/31821" }, { "name": "6791", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/6791" }, { "name": "e107-usersettings-sql-injection(45967)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45967" }, { "name": "32322", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32322" }, { "name": "ADV-2008-2860", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2860" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-5320", "datePublished": "2008-12-03T19:00:00", "dateReserved": "2008-12-03T00:00:00", "dateUpdated": "2024-08-07T10:49:12.036Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-4548
Vulnerability from fkie_nvd
Published
2006-09-06 00:04
Modified
2024-11-21 00:16
Severity 7.5 (HIGH, CVSS v2 vector AV:N/AC:L/Au:N/C:P/I:P/A:P)
Summary
e107 0.75 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code via the tinyMCE_imglib_include image/jpeg parameter in e107_handlers/tiny_mce/plugins/ibrowser/ibrowser.php, as demonstrated by a multipart/form-data request. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in e107.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "70AB914E-D616-45D2-A451-1C247B8B6E4C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "CA03C1AC-97EA-47ED-9558-A7CA48420AB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "32695A82-B042-46B7-9CB4-20F3446E0C9E", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "6716A040-0CBE-4402-AB2A-1621B1240B0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "81627355-AB45-4D47-8DD2-4087E6971EF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "D2DAAA4F-B893-4914-8538-E68DDA211225", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "e107 0.75 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter\u0027s hash value, which allows remote attackers to execute arbitrary PHP code via the tinyMCE_imglib_include image/jpeg parameter in e107_handlers/tiny_mce/plugins/ibrowser/ibrowser.php, as demonstrated by a multipart/form-data request. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in e107." 
}, { "lang": "es", "value": "e107 0.75 y anteriores no se asignan correctamente variables cuando los datos de entrada incluyen un par\u00e1metro num\u00e9rico con un valor que empareja el valor del hash de un par\u00e1metro alfanum\u00e9rico, lo que permite a un atacante remoto ejecutar c\u00f3digo PHP de su elecci\u00f3n a trav\u00e9s del par\u00e1metro tinyMCE_imglib_include image/jpeg en e107_handlers/tiny_mce/plugins/ibrowser/ibrowser como se demostr\u00f3 por una petici\u00f3n a multipart/form-data. NOTA: podr\u00eda ser discutido que esta vulnerabilidad se deba a un fallo en la desasignaci\u00f3n del comando de PHP (CVE-2006-3017) y el arreglo apropiado debe estar en PHP; si es as\u00ed entonces esto no se debe tratar como vulnerabilidad en e107." } ], "id": "CVE-2006-4548", "lastModified": "2024-11-21T00:16:13.520", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-09-06T00:04:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://retrogod.altervista.org/e107_075_xpl.html" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1497" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/444644/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://retrogod.altervista.org/e107_075_xpl.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://securityreason.com/securityalert/1497" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/444644/100/0/threaded" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cve-2010-4757
Vulnerability from fkie_nvd
Published
2011-03-15 17:55
Modified
2024-11-21 01:21
Severity 4.3 (MEDIUM, CVSS v2 vector AV:N/AC:M/Au:N/C:N/I:P/A:N)
Summary
Cross-site scripting (XSS) vulnerability in submitnews.php in e107 before 0.7.23 allows remote attackers to inject arbitrary web script or HTML via the submitnews_title parameter, a different vector than CVE-2008-6208. NOTE: some of these details are obtained from third party information. NOTE: this might be the same as CVE-2009-4083.1 or CVE-2011-0457.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
e107 | e107 | * | |
e107 | e107 | 0.6_10 | |
e107 | e107 | 0.6_11 | |
e107 | e107 | 0.6_12 | |
e107 | e107 | 0.6_13 | |
e107 | e107 | 0.6_14 | |
e107 | e107 | 0.6_15 | |
e107 | e107 | 0.6_15a | |
e107 | e107 | 0.7 | |
e107 | e107 | 0.7.0 | |
e107 | e107 | 0.7.1 | |
e107 | e107 | 0.7.2 | |
e107 | e107 | 0.7.3 | |
e107 | e107 | 0.7.4 | |
e107 | e107 | 0.7.5 | |
e107 | e107 | 0.7.6 | |
e107 | e107 | 0.7.7 | |
e107 | e107 | 0.7.8 | |
e107 | e107 | 0.7.9 | |
e107 | e107 | 0.7.10 | |
e107 | e107 | 0.7.11 | |
e107 | e107 | 0.7.12 | |
e107 | e107 | 0.7.13 | |
e107 | e107 | 0.7.14 | |
e107 | e107 | 0.7.15 | |
e107 | e107 | 0.7.16 | |
e107 | e107 | 0.7.17 | |
e107 | e107 | 0.7.18 | |
e107 | e107 | 0.7.19 | |
e107 | e107 | 0.7.20 | |
e107 | e107 | 0.7.21 | |
e107 | e107 | 0.545 | |
e107 | e107 | 0.547 | |
e107 | e107 | 0.548 | |
e107 | e107 | 0.549 | |
e107 | e107 | 0.551 | |
e107 | e107 | 0.552 | |
e107 | e107 | 0.553 | |
e107 | e107 | 0.554 | |
e107 | e107 | 0.554 | |
e107 | e107 | 0.555 | |
e107 | e107 | 0.600 | |
e107 | e107 | 0.601 | |
e107 | e107 | 0.602 | |
e107 | e107 | 0.603 | |
e107 | e107 | 0.604 | |
e107 | e107 | 0.605 | |
e107 | e107 | 0.606 | |
e107 | e107 | 0.607 | |
e107 | e107 | 0.608 | |
e107 | e107 | 0.609 | |
e107 | e107 | 0.610 | |
e107 | e107 | 0.611 | |
e107 | e107 | 0.612 | |
e107 | e107 | 0.613 | |
e107 | e107 | 0.614 | |
e107 | e107 | 0.615 | |
e107 | e107 | 0.615a | |
e107 | e107 | 0.616 | |
e107 | e107 | 0.617 | |
e107 | e107 | 0.6171 | |
e107 | e107 | 0.6172 | |
e107 | e107 | 0.6173 | |
e107 | e107 | 0.6174 | |
e107 | e107 | 0.6175 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:*:*:*:*:*:*:*:*", "matchCriteriaId": "0E3AB3F8-1540-4078-B618-419419A1B942", "versionEndIncluding": "0.7.22", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_10:*:*:*:*:*:*:*", "matchCriteriaId": "18C34EB0-7685-4346-81A2-371C1F19F6AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_11:*:*:*:*:*:*:*", "matchCriteriaId": "AB26A2A4-B0DE-4130-AA5F-76D5394A0614", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_12:*:*:*:*:*:*:*", "matchCriteriaId": "90909932-AD39-4648-8621-5866F0C4AB12", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_13:*:*:*:*:*:*:*", "matchCriteriaId": "37F208E9-3C39-4D00-B1E0-5CD0B315E740", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_14:*:*:*:*:*:*:*", "matchCriteriaId": "27C7402F-54C9-4FDA-B181-85941DDC7010", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_15:*:*:*:*:*:*:*", "matchCriteriaId": "061B1AF2-2BA7-49CB-9F8B-91BF5D5B0BF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_15a:*:*:*:*:*:*:*", "matchCriteriaId": "4F77F5E4-8636-41F5-9A80-055CC0FC0346", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "70AB914E-D616-45D2-A451-1C247B8B6E4C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "CA5B2762-4A7C-45EE-8A1B-0E7939978321", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "CA03C1AC-97EA-47ED-9558-A7CA48420AB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "32695A82-B042-46B7-9CB4-20F3446E0C9E", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "6716A040-0CBE-4402-AB2A-1621B1240B0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "81627355-AB45-4D47-8DD2-4087E6971EF2", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "D2DAAA4F-B893-4914-8538-E68DDA211225", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B649DDC6-EEE6-47E1-A69A-831E5C2DD58C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "2FEEC90E-8640-4786-B014-CAD83EC4F2E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "E29B9B12-4C94-4A8D-B407-2D288502EFE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.9:*:*:*:*:*:*:*", "matchCriteriaId": "C5CAADA1-1FBB-4983-A942-FC4490CE8D8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.10:*:*:*:*:*:*:*", "matchCriteriaId": "B4D7C699-0E92-4D9C-9D8F-87C39A28ACCD", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.11:*:*:*:*:*:*:*", "matchCriteriaId": "5C62F8AD-EA30-441E-B97F-EF8DE640DC1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.12:*:*:*:*:*:*:*", "matchCriteriaId": "F96C30A8-7E56-4806-B8D7-851D75B08738", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.13:*:*:*:*:*:*:*", "matchCriteriaId": "F1C22711-AEC4-438F-9B37-64D36B0BDFC9", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.14:*:*:*:*:*:*:*", "matchCriteriaId": "5E2AA435-E5FC-4555-B582-5C6FFC99327B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.15:*:*:*:*:*:*:*", "matchCriteriaId": "7A81364B-FB65-4591-ACA3-9D5991F0C30C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.16:*:*:*:*:*:*:*", "matchCriteriaId": "069F5C7C-F549-4B92-A1EA-6310CCF64334", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.17:*:*:*:*:*:*:*", "matchCriteriaId": "46EF46A3-7197-4C00-8298-9B938B6EE97B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.18:*:*:*:*:*:*:*", "matchCriteriaId": "B242DBD4-299A-49BC-B399-6C48E04D10DA", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:e107:e107:0.7.19:*:*:*:*:*:*:*", "matchCriteriaId": "756D821D-63CA-4DCC-8335-679290C197BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.20:*:*:*:*:*:*:*", "matchCriteriaId": "FFAB4C3E-EE6F-4603-A829-25138966CADF", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.21:*:*:*:*:*:*:*", "matchCriteriaId": "56459690-0C9E-4049-A20A-E17152913065", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.545:*:*:*:*:*:*:*", "matchCriteriaId": "8DDD8B3B-8580-4624-8D77-E3FD97DFF4A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.547:beta:*:*:*:*:*:*", "matchCriteriaId": "EF6E08F0-004C-4A00-861D-72A9082C3F41", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.548:beta:*:*:*:*:*:*", "matchCriteriaId": "CBF301C0-0DEF-4922-85BF-66BF6192A745", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.549:beta:*:*:*:*:*:*", "matchCriteriaId": "4805886F-099B-4808-A2FF-0A0B77CD566D", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.551:beta:*:*:*:*:*:*", "matchCriteriaId": "984B6A2B-F9D5-48AB-8B57-DD62B200C441", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.552:beta:*:*:*:*:*:*", "matchCriteriaId": "45D6F945-96D1-42A1-AE66-3D7988DE9A15", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.553:beta:*:*:*:*:*:*", "matchCriteriaId": "3065526A-4DDE-4F7F-97C5-2E0F3D0D106B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.554:*:*:*:*:*:*:*", "matchCriteriaId": "6454D949-83A2-4F69-92E1-BBCD84F21BC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.554:beta:*:*:*:*:*:*", "matchCriteriaId": "27ABDE74-B886-47A6-909B-7EA428260FAD", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.555:beta:*:*:*:*:*:*", "matchCriteriaId": "DC65CB58-4F17-4F8D-9682-9D6C1B33F39D", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.600:*:*:*:*:*:*:*", "matchCriteriaId": "7E80F85C-61AD-49C0-9EBF-B79F728F6A97", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:e107:e107:0.601:*:*:*:*:*:*:*", "matchCriteriaId": "3FE097FC-A525-4599-9FDA-1A011EECE767", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.602:*:*:*:*:*:*:*", "matchCriteriaId": "9FF51B0D-E020-491D-92A9-D2A01A7417AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.603:*:*:*:*:*:*:*", "matchCriteriaId": "F8692341-8DF2-4943-853A-4AAF1F313914", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.604:*:*:*:*:*:*:*", "matchCriteriaId": "75197306-53DB-4C94-959B-C46D3FB1F42B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.605:*:*:*:*:*:*:*", "matchCriteriaId": "D0C5C91C-C1C5-457D-9E09-24C7CACCC280", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.606:*:*:*:*:*:*:*", "matchCriteriaId": "6EB88C92-4F62-471A-8C10-C13C890E764F", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.607:*:*:*:*:*:*:*", "matchCriteriaId": "5585DC36-C65F-4FCA-B26F-E4A7901863E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.608:*:*:*:*:*:*:*", "matchCriteriaId": "2C7DD56C-66F7-421C-B211-07C7856112C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.609:*:*:*:*:*:*:*", "matchCriteriaId": "8E14B108-228D-454F-AF16-9D9086E4C10B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.610:*:*:*:*:*:*:*", "matchCriteriaId": "04C91C45-9A96-4E69-8A0A-D619AB45BC08", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.611:*:*:*:*:*:*:*", "matchCriteriaId": "5F7C68F4-9ECD-41A9-B4AE-48F028841428", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.612:*:*:*:*:*:*:*", "matchCriteriaId": "28B75E28-08DE-4CA2-A60B-FB2F61AEC5BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.613:*:*:*:*:*:*:*", "matchCriteriaId": "B9AA824A-CEE6-460B-A668-92FC3A822305", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.614:*:*:*:*:*:*:*", "matchCriteriaId": "6A51FBB3-42CE-40E1-A15D-ADDFBF8E203D", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.615:*:*:*:*:*:*:*", "matchCriteriaId": 
"BEAC1FD5-ECD1-480C-827E-F1AE8484C4EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.615a:*:*:*:*:*:*:*", "matchCriteriaId": "D17F613A-6BE1-4B45-8E40-8E44E0EEA756", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.616:*:*:*:*:*:*:*", "matchCriteriaId": "B5CB33E9-9AB8-482A-A196-768A2085A49C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.617:*:*:*:*:*:*:*", "matchCriteriaId": "12BD5CAD-0EB8-48F2-AF80-510584A83446", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6171:*:*:*:*:*:*:*", "matchCriteriaId": "AD8CD2A8-C8E8-4A5F-8355-6DF45C9DF45C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6172:*:*:*:*:*:*:*", "matchCriteriaId": "92E294FE-F0A2-45FC-BB67-D988DD89D2AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6173:*:*:*:*:*:*:*", "matchCriteriaId": "9640315B-7F04-4F5A-B213-8FAF509DFF01", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6174:*:*:*:*:*:*:*", "matchCriteriaId": "CA89549A-6CD7-4DDB-A8C8-ADF103F6CDFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6175:*:*:*:*:*:*:*", "matchCriteriaId": "DF75A192-81C1-4F58-A660-7EFE4F33E58B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in submitnews.php in e107 before 0.7.23 allows remote attackers to inject arbitrary web script or HTML via the submitnews_title parameter, a different vector than CVE-2008-6208. NOTE: some of these details are obtained from third party information. NOTE: this might be the same as CVE-2009-4083.1 or CVE-2011-0457." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en submitnews.php de e107 en versiones anteriores a la 0.7.23 permite a atacantes remotos inyectar codigo de script web o c\u00f3digo HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro submitnews_title. Un vector diferente al del CVE-2008-6208. 
NOTA: algunos de estos detalles han sido obtenidos de informaci\u00f3n de terceras partes. NOTA: puede ser el mismo al del CVE-2009-4083.1 o CVE-2011-0457." } ], "id": "CVE-2010-4757", "lastModified": "2024-11-21T01:21:41.563", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2011-03-15T17:55:01.907", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://e107.org/comment.php?comment.news.872" }, { "source": "cve@mitre.org", "url": "http://e107.org/svn_changelog.php?version=0.7.23" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.7/e107_admin/newspost.php?r1=11655\u0026r2=11654\u0026pathrev=11655" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1024351" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.madirish.net/?article=471" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61331" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://e107.org/comment.php?comment.news.872" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://e107.org/svn_changelog.php?version=0.7.23" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.7/e107_admin/newspost.php?r1=11655\u0026r2=11654\u0026pathrev=11655" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1024351" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.madirish.net/?article=471" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61331" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2018-11127
Vulnerability from fkie_nvd
Published
2018-05-15 17:29
Modified
2024-11-21 03:42
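Severity: MEDIUM (CVSS v3.0 base score 6.5, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N; CVSS v2 base score 4.3)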
Summary
e107 2.1.7 has CSRF resulting in arbitrary user deletion.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/e107inc/e107/issues/3128 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/e107inc/e107/issues/3128 | Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:2.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "DBCF2D98-CD7A-4675-8A7F-D60C17B82CFB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "e107 2.1.7 has CSRF resulting in arbitrary user deletion." }, { "lang": "es", "value": "e107 2.1.7 tiene Cross-Site Request Forgery (CSRF) que resulta en la eliminaci\u00f3n de usuarios arbitrarios." } ], "id": "CVE-2018-11127", "lastModified": "2024-11-21T03:42:42.690", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-05-15T17:29:00.337", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://github.com/e107inc/e107/issues/3128" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/e107inc/e107/issues/3128" } ], "sourceIdentifier": "cve@mitre.org", 
"vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2012-3843
Vulnerability from fkie_nvd
Published
2012-07-03 22:55
Modified
2024-11-21 01:41
Severity: MEDIUM (CVSS v2 base score 4.3, AV:N/AC:M/Au:N/C:N/I:P/A:N)
Summary
Cross-site scripting (XSS) vulnerability in the registration page in e107, probably 1.0.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "F0DD84FB-8CF3-4FD4-AB18-DCD3FF3A2F5B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the registration page in e107, probably 1.0.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados en la p\u00e1gina de registro en e107, probablemente v1.0.1, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados." } ], "id": "CVE-2012-3843", "lastModified": "2024-11-21T01:41:44.497", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-07-03T22:55:03.083", "references": [ { "source": "cve@mitre.org", "url": "http://hauntit.blogspot.com/2012/04/en-e107-cms-reflected-xss-in.html" }, { "source": "cve@mitre.org", "url": "http://packetstormsecurity.org/files/112241/e107-Cross-Site-Scripting.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/53271" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75225" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://hauntit.blogspot.com/2012/04/en-e107-cms-reflected-xss-in.html" 
}, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.org/files/112241/e107-Cross-Site-Scripting.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/53271" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75225" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2014-4734
Vulnerability from fkie_nvd
Published
2014-07-21 14:55
Modified
2024-11-21 02:10
Severity: MEDIUM (CVSS v2 base score 4.3, AV:N/AC:M/Au:N/C:N/I:P/A:N)
Summary
Cross-site scripting (XSS) vulnerability in e107_admin/db.php in e107 2.0 alpha2 and earlier allows remote attackers to inject arbitrary web script or HTML via the type parameter.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:*:alpha2:*:*:*:*:*:*", "matchCriteriaId": "63F589DB-FCB4-478A-BD47-91FE959A7A27", "versionEndIncluding": "2.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:2.0:alpha1:*:*:*:*:*:*", "matchCriteriaId": "BCD6DB24-A8BA-44CD-9932-49B3C55E6096", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in e107_admin/db.php in e107 2.0 alpha2 and earlier allows remote attackers to inject arbitrary web script or HTML via the type parameter." }, { "lang": "es", "value": "Vulnerabilidad de XSS en e107_admin/db.php en e107 2.0 alpha2 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del par\u00e1metro type." } ], "id": "CVE-2014-4734", "lastModified": "2024-11-21T02:10:47.753", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-07-21T14:55:06.630", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://packetstormsecurity.com/files/127499/e107-2.0-alpha2-Cross-Site-Scripting.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/532801/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/68674" }, { "source": "cve@mitre.org", "url": 
"https://github.com/e107inc/e107/commit/f80e417bb3e7ab5c1a89ea9ddd2cd060f54464e1" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "https://www.htbridge.com/advisory/HTB23220" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://packetstormsecurity.com/files/127499/e107-2.0-alpha2-Cross-Site-Scripting.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/532801/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/68674" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/e107inc/e107/commit/f80e417bb3e7ab5c1a89ea9ddd2cd060f54464e1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "https://www.htbridge.com/advisory/HTB23220" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2005-1949
Vulnerability from fkie_nvd
Published
2005-06-16 04:00
Modified
2024-11-20 23:58
Severity: HIGH (CVSS v2 base score 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P)
Summary
The eping_validaddr function in functions.php for the ePing plugin for e107 portal allows remote attackers to execute arbitrary commands via shell metacharacters after a valid argument to the eping_host parameter.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:*:*:*:*:*:*:*:*", "matchCriteriaId": "2ED52F96-48B9-4111-AAEB-4E9190114802", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The eping_validaddr function in functions.php for the ePing plugin for e107 portal allows remote attackers to execute arbitrary commands via shell metacharacters after a valid argument to the eping_host parameter." } ], "id": "CVE-2005-1949", "lastModified": "2024-11-20T23:58:28.643", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-06-16T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "URL Repurposed" ], "url": "http://e107plugins.co.uk/news.php" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=111835539312985\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=111868460811287\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/15678" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "URL Repurposed" ], "url": "http://e107plugins.co.uk/news.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=111835539312985\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=111868460811287\u0026w=2" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/15678" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2018-17081
Vulnerability from fkie_nvd
Published
2018-09-26 21:29
Modified
2024-11-21 03:53
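Severity: MEDIUM (CVSS v3.0 base score 4.3, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N; CVSS v2 base score 4.3)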
Summary
e107 2.1.9 allows CSRF via e107_admin/wmessage.php?mode=&action=inline&ajax_used=1&id= for changing the title of an arbitrary page.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/himanshurahi/e107_2.1.9_CSRF_POC | Exploit, Technical Description, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/himanshurahi/e107_2.1.9_CSRF_POC | Exploit, Technical Description, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:2.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "B2D5032E-949D-493D-97D9-51ED1A990D98", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "e107 2.1.9 allows CSRF via e107_admin/wmessage.php?mode=\u0026action=inline\u0026ajax_used=1\u0026id= for changing the title of an arbitrary page." }, { "lang": "es", "value": "e107 2.1.9 permite Cross-Site Request Forgery (CSRF) mediante e107_admin/wmessage.php?mode=action=inlineajax_used=1id= para cambiar el t\u00edtulo de una p\u00e1gina arbitraria." } ], "id": "CVE-2018-17081", "lastModified": "2024-11-21T03:53:50.790", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-09-26T21:29:01.743", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Technical Description", "Third Party Advisory" ], "url": 
"https://github.com/himanshurahi/e107_2.1.9_CSRF_POC" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Technical Description", "Third Party Advisory" ], "url": "https://github.com/himanshurahi/e107_2.1.9_CSRF_POC" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2006-0682
Vulnerability from fkie_nvd
Published
2006-02-15 00:02
Modified
2024-11-21 00:07
Severity: MEDIUM (CVSS v2 base score 4.3, AV:N/AC:M/Au:N/C:N/I:P/A:N)
Summary
Multiple cross-site scripting (XSS) vulnerabilities in bbcodes system in e107 before 0.7.2 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
e107 | e107 | 0.7 | |
e107 | e107 | 0.7.1 | |
e107 | e107 | 0.547_beta | |
e107 | e107 | 0.548_beta | |
e107 | e107 | 0.549_beta | |
e107 | e107 | 0.551_beta | |
e107 | e107 | 0.552_beta | |
e107 | e107 | 0.553_beta | |
e107 | e107 | 0.554_beta | |
e107 | e107 | 0.555_beta | |
e107 | e107 | 0.600 | |
e107 | e107 | 0.601 | |
e107 | e107 | 0.602 | |
e107 | e107 | 0.603 | |
e107 | e107 | 0.604 | |
e107 | e107 | 0.605 | |
e107 | e107 | 0.606 | |
e107 | e107 | 0.607 | |
e107 | e107 | 0.608 | |
e107 | e107 | 0.609 | |
e107 | e107 | 0.610 | |
e107 | e107 | 0.611 | |
e107 | e107 | 0.612 | |
e107 | e107 | 0.613 | |
e107 | e107 | 0.614 | |
e107 | e107 | 0.615 | |
e107 | e107 | 0.615a | |
e107 | e107 | 0.616 | |
e107 | e107 | 0.617 | |
e107 | e107 | 0.6171 | |
e107 | e107 | 0.6172 | |
e107 | e107 | 0.6173 | |
e107 | e107 | 0.6174 | |
e107 | e107 | 0.6175 | |
e107 | e107 | 5.1 | |
e107 | e107 | 5.2 | |
e107 | e107 | 5.3_beta | |
e107 | e107 | 5.3_beta2 | |
e107 | e107 | 5.04 | |
e107 | e107 | 5.4_beta1 | |
e107 | e107 | 5.4_beta3 | |
e107 | e107 | 5.4_beta4 | |
e107 | e107 | 5.4_beta5 | |
e107 | e107 | 5.4_beta6 | |
e107 | e107 | 5.05 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "70AB914E-D616-45D2-A451-1C247B8B6E4C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "CA03C1AC-97EA-47ED-9558-A7CA48420AB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.547_beta:*:*:*:*:*:*:*", "matchCriteriaId": "437C4251-886C-4E94-B7F6-AE34A0142A76", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.548_beta:*:*:*:*:*:*:*", "matchCriteriaId": "761D4EE9-0D54-4370-BCBC-3C23481C127B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.549_beta:*:*:*:*:*:*:*", "matchCriteriaId": "E11E3F9E-708E-44CB-8FD2-E4961028B732", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.551_beta:*:*:*:*:*:*:*", "matchCriteriaId": "8F38EB42-437C-4381-B36A-FD3DB78E724E", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.552_beta:*:*:*:*:*:*:*", "matchCriteriaId": "ECC957BA-D96C-41B7-9BD4-2ECD37C9C924", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.553_beta:*:*:*:*:*:*:*", "matchCriteriaId": "1E9E9AC1-5ECD-448F-B72A-1CE8228C2C22", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.554_beta:*:*:*:*:*:*:*", "matchCriteriaId": "0FC4B3A4-2563-4C06-A484-5C02CD8F7408", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.555_beta:*:*:*:*:*:*:*", "matchCriteriaId": "CC274184-AD8E-4BC2-BC6A-4E64F354BFFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.600:*:*:*:*:*:*:*", "matchCriteriaId": "7E80F85C-61AD-49C0-9EBF-B79F728F6A97", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.601:*:*:*:*:*:*:*", "matchCriteriaId": "3FE097FC-A525-4599-9FDA-1A011EECE767", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.602:*:*:*:*:*:*:*", "matchCriteriaId": "9FF51B0D-E020-491D-92A9-D2A01A7417AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.603:*:*:*:*:*:*:*", "matchCriteriaId": "F8692341-8DF2-4943-853A-4AAF1F313914", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.604:*:*:*:*:*:*:*", "matchCriteriaId": "75197306-53DB-4C94-959B-C46D3FB1F42B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.605:*:*:*:*:*:*:*", "matchCriteriaId": "D0C5C91C-C1C5-457D-9E09-24C7CACCC280", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.606:*:*:*:*:*:*:*", "matchCriteriaId": "6EB88C92-4F62-471A-8C10-C13C890E764F", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.607:*:*:*:*:*:*:*", "matchCriteriaId": "5585DC36-C65F-4FCA-B26F-E4A7901863E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.608:*:*:*:*:*:*:*", "matchCriteriaId": "2C7DD56C-66F7-421C-B211-07C7856112C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.609:*:*:*:*:*:*:*", "matchCriteriaId": "8E14B108-228D-454F-AF16-9D9086E4C10B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.610:*:*:*:*:*:*:*", "matchCriteriaId": "04C91C45-9A96-4E69-8A0A-D619AB45BC08", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.611:*:*:*:*:*:*:*", "matchCriteriaId": "5F7C68F4-9ECD-41A9-B4AE-48F028841428", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.612:*:*:*:*:*:*:*", "matchCriteriaId": "28B75E28-08DE-4CA2-A60B-FB2F61AEC5BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.613:*:*:*:*:*:*:*", "matchCriteriaId": "B9AA824A-CEE6-460B-A668-92FC3A822305", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.614:*:*:*:*:*:*:*", "matchCriteriaId": "6A51FBB3-42CE-40E1-A15D-ADDFBF8E203D", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.615:*:*:*:*:*:*:*", "matchCriteriaId": "BEAC1FD5-ECD1-480C-827E-F1AE8484C4EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.615a:*:*:*:*:*:*:*", "matchCriteriaId": "D17F613A-6BE1-4B45-8E40-8E44E0EEA756", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.616:*:*:*:*:*:*:*", "matchCriteriaId": "B5CB33E9-9AB8-482A-A196-768A2085A49C", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:e107:e107:0.617:*:*:*:*:*:*:*", "matchCriteriaId": "12BD5CAD-0EB8-48F2-AF80-510584A83446", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6171:*:*:*:*:*:*:*", "matchCriteriaId": "AD8CD2A8-C8E8-4A5F-8355-6DF45C9DF45C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6172:*:*:*:*:*:*:*", "matchCriteriaId": "92E294FE-F0A2-45FC-BB67-D988DD89D2AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6173:*:*:*:*:*:*:*", "matchCriteriaId": "9640315B-7F04-4F5A-B213-8FAF509DFF01", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6174:*:*:*:*:*:*:*", "matchCriteriaId": "CA89549A-6CD7-4DDB-A8C8-ADF103F6CDFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6175:*:*:*:*:*:*:*", "matchCriteriaId": "DF75A192-81C1-4F58-A660-7EFE4F33E58B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "4189588A-A887-4D27-B3A0-48A3DBBD5E67", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:5.2:*:*:*:*:*:*:*", "matchCriteriaId": "5549E7FF-4329-49F6-BF59-081DA7874BA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:5.3_beta:*:*:*:*:*:*:*", "matchCriteriaId": "AA26A71E-F1E6-4EA0-9165-F7989FB89B15", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:5.3_beta2:*:*:*:*:*:*:*", "matchCriteriaId": "9C90BAB9-2ACE-48E4-BC15-E88C2C370B15", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:5.04:*:*:*:*:*:*:*", "matchCriteriaId": "DFD219A3-4958-4EA9-A914-37D4F0A8A24D", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:5.4_beta1:*:*:*:*:*:*:*", "matchCriteriaId": "3417C70B-E531-49C8-971E-CC349FB5AA1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:5.4_beta3:*:*:*:*:*:*:*", "matchCriteriaId": "CB5EF2F8-0A65-4C8C-A4A3-9B9B1151509C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:5.4_beta4:*:*:*:*:*:*:*", "matchCriteriaId": "62FBE3F6-7685-43BA-B63B-28AA79330323", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:5.4_beta5:*:*:*:*:*:*:*", 
"matchCriteriaId": "94CC3B56-F1FC-452A-A0A7-4CF60089C1E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:5.4_beta6:*:*:*:*:*:*:*", "matchCriteriaId": "7524B12E-3D05-4CD1-B582-8A66EEC3F6DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:5.05:*:*:*:*:*:*:*", "matchCriteriaId": "590FE150-07AF-4E25-B8F8-D0E8500D73B1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in bbcodes system in e107 before 0.7.2 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors." } ], "id": "CVE-2006-0682", "lastModified": "2024-11-21T00:07:05.220", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-02-15T00:02:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://e107.org/comment.php?comment.news.776" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/18816" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/16614" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/0540" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24625" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://e107.org/comment.php?comment.news.776" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ 
"Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/18816" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/16614" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/0540" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24625" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2015-1057
Vulnerability from fkie_nvd
Published
2015-01-16 15:59
Modified
2024-11-21 02:24
Severity: MEDIUM (CVSS v2 base score 4.3, AV:N/AC:M/Au:N/C:N/I:P/A:N)
Summary
Cross-site scripting (XSS) vulnerability in usersettings.php in e107 2.0.0 allows remote attackers to inject arbitrary web script or HTML via the "Real Name" value.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F7235CE-68CB-4685-B615-CE0EAB8C3A77", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in usersettings.php in e107 2.0.0 allows remote attackers to inject arbitrary web script or HTML via the \"Real Name\" value." }, { "lang": "es", "value": "Vulnerabilidad de XSS en usersettings.php en e107 2.0.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del valor \u0027Real Name\u0027." } ], "id": "CVE-2015-1057", "lastModified": "2024-11-21T02:24:33.870", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2015-01-16T15:59:07.017", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/show/osvdb/116692" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.exploit-db.com/exploits/35679" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99627" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/show/osvdb/116692" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.exploit-db.com/exploits/35679" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/99627" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-05-27 22:30
Modified
2024-11-21 01:15
Severity ?
Summary
bbcode/php.bb in e107 0.7.20 and earlier does not perform access control checks for all inputs that could contain the php bbcode tag, which allows remote attackers to execute arbitrary PHP code, as demonstrated using the toEmail method in contact.php, related to invocations of the toHTML method.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
e107 | e107 | * | |
e107 | e107 | 0.6_10 | |
e107 | e107 | 0.6_11 | |
e107 | e107 | 0.6_12 | |
e107 | e107 | 0.6_13 | |
e107 | e107 | 0.6_14 | |
e107 | e107 | 0.6_15 | |
e107 | e107 | 0.6_15a | |
e107 | e107 | 0.7 | |
e107 | e107 | 0.7.0 | |
e107 | e107 | 0.7.1 | |
e107 | e107 | 0.7.2 | |
e107 | e107 | 0.7.3 | |
e107 | e107 | 0.7.4 | |
e107 | e107 | 0.7.5 | |
e107 | e107 | 0.7.6 | |
e107 | e107 | 0.7.7 | |
e107 | e107 | 0.7.8 | |
e107 | e107 | 0.7.9 | |
e107 | e107 | 0.7.10 | |
e107 | e107 | 0.7.11 | |
e107 | e107 | 0.7.12 | |
e107 | e107 | 0.7.13 | |
e107 | e107 | 0.7.14 | |
e107 | e107 | 0.7.15 | |
e107 | e107 | 0.7.16 | |
e107 | e107 | 0.7.17 | |
e107 | e107 | 0.7.18 | |
e107 | e107 | 0.7.19 | |
e107 | e107 | 0.545 | |
e107 | e107 | 0.547 | beta |
e107 | e107 | 0.548 | beta |
e107 | e107 | 0.549 | beta |
e107 | e107 | 0.551 | beta |
e107 | e107 | 0.552 | beta |
e107 | e107 | 0.553 | beta |
e107 | e107 | 0.554 | |
e107 | e107 | 0.554 | beta |
e107 | e107 | 0.555 | beta |
e107 | e107 | 0.600 | |
e107 | e107 | 0.601 | |
e107 | e107 | 0.602 | |
e107 | e107 | 0.603 | |
e107 | e107 | 0.604 | |
e107 | e107 | 0.605 | |
e107 | e107 | 0.606 | |
e107 | e107 | 0.607 | |
e107 | e107 | 0.608 | |
e107 | e107 | 0.609 | |
e107 | e107 | 0.610 | |
e107 | e107 | 0.611 | |
e107 | e107 | 0.612 | |
e107 | e107 | 0.613 | |
e107 | e107 | 0.614 | |
e107 | e107 | 0.615 | |
e107 | e107 | 0.615a | |
e107 | e107 | 0.616 | |
e107 | e107 | 0.617 | |
e107 | e107 | 0.6171 | |
e107 | e107 | 0.6172 | |
e107 | e107 | 0.6173 | |
e107 | e107 | 0.6174 | |
e107 | e107 | 0.6175 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:*:*:*:*:*:*:*:*", "matchCriteriaId": "EA2F26CB-709E-4C1A-83B2-D0419AED17B1", "versionEndIncluding": "0.7.20", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_10:*:*:*:*:*:*:*", "matchCriteriaId": "18C34EB0-7685-4346-81A2-371C1F19F6AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_11:*:*:*:*:*:*:*", "matchCriteriaId": "AB26A2A4-B0DE-4130-AA5F-76D5394A0614", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_12:*:*:*:*:*:*:*", "matchCriteriaId": "90909932-AD39-4648-8621-5866F0C4AB12", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_13:*:*:*:*:*:*:*", "matchCriteriaId": "37F208E9-3C39-4D00-B1E0-5CD0B315E740", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_14:*:*:*:*:*:*:*", "matchCriteriaId": "27C7402F-54C9-4FDA-B181-85941DDC7010", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_15:*:*:*:*:*:*:*", "matchCriteriaId": "061B1AF2-2BA7-49CB-9F8B-91BF5D5B0BF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_15a:*:*:*:*:*:*:*", "matchCriteriaId": "4F77F5E4-8636-41F5-9A80-055CC0FC0346", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "70AB914E-D616-45D2-A451-1C247B8B6E4C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "CA5B2762-4A7C-45EE-8A1B-0E7939978321", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "CA03C1AC-97EA-47ED-9558-A7CA48420AB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "32695A82-B042-46B7-9CB4-20F3446E0C9E", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "6716A040-0CBE-4402-AB2A-1621B1240B0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "81627355-AB45-4D47-8DD2-4087E6971EF2", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "D2DAAA4F-B893-4914-8538-E68DDA211225", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B649DDC6-EEE6-47E1-A69A-831E5C2DD58C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "2FEEC90E-8640-4786-B014-CAD83EC4F2E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "E29B9B12-4C94-4A8D-B407-2D288502EFE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.9:*:*:*:*:*:*:*", "matchCriteriaId": "C5CAADA1-1FBB-4983-A942-FC4490CE8D8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.10:*:*:*:*:*:*:*", "matchCriteriaId": "B4D7C699-0E92-4D9C-9D8F-87C39A28ACCD", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.11:*:*:*:*:*:*:*", "matchCriteriaId": "5C62F8AD-EA30-441E-B97F-EF8DE640DC1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.12:*:*:*:*:*:*:*", "matchCriteriaId": "F96C30A8-7E56-4806-B8D7-851D75B08738", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.13:*:*:*:*:*:*:*", "matchCriteriaId": "F1C22711-AEC4-438F-9B37-64D36B0BDFC9", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.14:*:*:*:*:*:*:*", "matchCriteriaId": "5E2AA435-E5FC-4555-B582-5C6FFC99327B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.15:*:*:*:*:*:*:*", "matchCriteriaId": "7A81364B-FB65-4591-ACA3-9D5991F0C30C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.16:*:*:*:*:*:*:*", "matchCriteriaId": "069F5C7C-F549-4B92-A1EA-6310CCF64334", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.17:*:*:*:*:*:*:*", "matchCriteriaId": "46EF46A3-7197-4C00-8298-9B938B6EE97B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.18:*:*:*:*:*:*:*", "matchCriteriaId": "B242DBD4-299A-49BC-B399-6C48E04D10DA", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:e107:e107:0.7.19:*:*:*:*:*:*:*", "matchCriteriaId": "756D821D-63CA-4DCC-8335-679290C197BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.545:*:*:*:*:*:*:*", "matchCriteriaId": "8DDD8B3B-8580-4624-8D77-E3FD97DFF4A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.547:beta:*:*:*:*:*:*", "matchCriteriaId": "EF6E08F0-004C-4A00-861D-72A9082C3F41", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.548:beta:*:*:*:*:*:*", "matchCriteriaId": "CBF301C0-0DEF-4922-85BF-66BF6192A745", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.549:beta:*:*:*:*:*:*", "matchCriteriaId": "4805886F-099B-4808-A2FF-0A0B77CD566D", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.551:beta:*:*:*:*:*:*", "matchCriteriaId": "984B6A2B-F9D5-48AB-8B57-DD62B200C441", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.552:beta:*:*:*:*:*:*", "matchCriteriaId": "45D6F945-96D1-42A1-AE66-3D7988DE9A15", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.553:beta:*:*:*:*:*:*", "matchCriteriaId": "3065526A-4DDE-4F7F-97C5-2E0F3D0D106B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.554:*:*:*:*:*:*:*", "matchCriteriaId": "6454D949-83A2-4F69-92E1-BBCD84F21BC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.554:beta:*:*:*:*:*:*", "matchCriteriaId": "27ABDE74-B886-47A6-909B-7EA428260FAD", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.555:beta:*:*:*:*:*:*", "matchCriteriaId": "DC65CB58-4F17-4F8D-9682-9D6C1B33F39D", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.600:*:*:*:*:*:*:*", "matchCriteriaId": "7E80F85C-61AD-49C0-9EBF-B79F728F6A97", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.601:*:*:*:*:*:*:*", "matchCriteriaId": "3FE097FC-A525-4599-9FDA-1A011EECE767", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.602:*:*:*:*:*:*:*", "matchCriteriaId": "9FF51B0D-E020-491D-92A9-D2A01A7417AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.603:*:*:*:*:*:*:*", 
"matchCriteriaId": "F8692341-8DF2-4943-853A-4AAF1F313914", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.604:*:*:*:*:*:*:*", "matchCriteriaId": "75197306-53DB-4C94-959B-C46D3FB1F42B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.605:*:*:*:*:*:*:*", "matchCriteriaId": "D0C5C91C-C1C5-457D-9E09-24C7CACCC280", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.606:*:*:*:*:*:*:*", "matchCriteriaId": "6EB88C92-4F62-471A-8C10-C13C890E764F", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.607:*:*:*:*:*:*:*", "matchCriteriaId": "5585DC36-C65F-4FCA-B26F-E4A7901863E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.608:*:*:*:*:*:*:*", "matchCriteriaId": "2C7DD56C-66F7-421C-B211-07C7856112C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.609:*:*:*:*:*:*:*", "matchCriteriaId": "8E14B108-228D-454F-AF16-9D9086E4C10B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.610:*:*:*:*:*:*:*", "matchCriteriaId": "04C91C45-9A96-4E69-8A0A-D619AB45BC08", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.611:*:*:*:*:*:*:*", "matchCriteriaId": "5F7C68F4-9ECD-41A9-B4AE-48F028841428", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.612:*:*:*:*:*:*:*", "matchCriteriaId": "28B75E28-08DE-4CA2-A60B-FB2F61AEC5BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.613:*:*:*:*:*:*:*", "matchCriteriaId": "B9AA824A-CEE6-460B-A668-92FC3A822305", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.614:*:*:*:*:*:*:*", "matchCriteriaId": "6A51FBB3-42CE-40E1-A15D-ADDFBF8E203D", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.615:*:*:*:*:*:*:*", "matchCriteriaId": "BEAC1FD5-ECD1-480C-827E-F1AE8484C4EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.615a:*:*:*:*:*:*:*", "matchCriteriaId": "D17F613A-6BE1-4B45-8E40-8E44E0EEA756", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.616:*:*:*:*:*:*:*", "matchCriteriaId": "B5CB33E9-9AB8-482A-A196-768A2085A49C", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.617:*:*:*:*:*:*:*", "matchCriteriaId": "12BD5CAD-0EB8-48F2-AF80-510584A83446", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6171:*:*:*:*:*:*:*", "matchCriteriaId": "AD8CD2A8-C8E8-4A5F-8355-6DF45C9DF45C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6172:*:*:*:*:*:*:*", "matchCriteriaId": "92E294FE-F0A2-45FC-BB67-D988DD89D2AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6173:*:*:*:*:*:*:*", "matchCriteriaId": "9640315B-7F04-4F5A-B213-8FAF509DFF01", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6174:*:*:*:*:*:*:*", "matchCriteriaId": "CA89549A-6CD7-4DDB-A8C8-ADF103F6CDFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6175:*:*:*:*:*:*:*", "matchCriteriaId": "DF75A192-81C1-4F58-A660-7EFE4F33E58B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "bbcode/php.bb in e107 0.7.20 and earlier does not perform access control checks for all inputs that could contain the php bbcode tag, which allows remote attackers to execute arbitrary PHP code, as demonstrated using the toEmail method in contact.php, related to invocations of the toHTML method." }, { "lang": "es", "value": "bbcode/php.bb en e107 v0.7.20 y anteriores, no realiza una validaci\u00f3n del control de acceso para las entradas que podr\u00edan contener la etiqueta php \"bbcode\", lo que permite a atacantes remotos ejecutar c\u00f3digo PHP de su elecci\u00f3n, como se ha demostrado empleando el m\u00e9todo toEmail en contact.php. Relacionado con la invocaci\u00f3n del m\u00e9todo toHTML." 
} ], "id": "CVE-2010-2099", "lastModified": "2024-11-21T01:15:54.117", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-05-27T22:30:02.110", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://php-security.org/2010/05/19/mops-2010-035-e107-bbcode-remote-php-code-execution-vulnerability/index.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/40252" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://php-security.org/2010/05/19/mops-2010-035-e107-bbcode-remote-php-code-execution-vulnerability/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/40252" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-12-07 11:03
Modified
2024-11-21 00:03
Severity ?
Summary
e107 0.6174 allows remote attackers to redirect users to other web sites via the download parameter in rate.php, which is used after a user submits a file download rating. NOTE: in the default installation, the e_BASE variable restricts the redirection to the same web site.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:0.6174:*:*:*:*:*:*:*", "matchCriteriaId": "CA89549A-6CD7-4DDB-A8C8-ADF103F6CDFB", "vulnerable": false } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "e107 0.6174 allows remote attackers to redirect users to other web sites via the download parameter in rate.php, which is used after a user submits a file download rating. NOTE: in the default installation, the e_BASE variable restricts the redirection to the same web site." } ], "id": "CVE-2005-4052", "lastModified": "2024-11-21T00:03:23.923", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-12-07T11:03:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://secunia.com/advisories/17890/" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/229" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/418577/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://secunia.com/advisories/17890/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/229" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/418577/100/0/threaded" } ], "sourceIdentifier": "cve@mitre.org", 
"vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-08-16 04:00
Modified
2024-11-20 23:59
Severity ?
Summary
doping.php in ePing plugin 1.02 and earlier for e107 portal allows remote attackers to execute arbitrary code or overwrite files via (1) shell metacharacters in the eping_count parameter or (2) restricted shell metacharacters such as ">" and "&" in the eping_host parameter, which is not handled by the validation function.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:*:*:*:*:*:*:*:*", "matchCriteriaId": "2ED52F96-48B9-4111-AAEB-4E9190114802", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "doping.php in ePing plugin 1.02 and earlier for e107 portal allows remote attackers to execute arbitrary code or overwrite files via (1) shell metacharacters in the eping_count parameter or (2) restricted shell metacharacters such as \"\u003e\" and \"\u0026\" in the eping_host parameter, which is not handled by the validation function." } ], "id": "CVE-2005-2559", "lastModified": "2024-11-20T23:59:50.253", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-08-16T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "URL Repurposed" ], "url": "http://e107plugins.co.uk/news.php" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=112328161319148\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "URL Repurposed" ], "url": "http://e107plugins.co.uk/news.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=112328161319148\u0026w=2" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" 
} ] }
Vulnerability from fkie_nvd
Published
2008-12-03 19:30
Modified
2024-11-21 00:53
Severity ?
Summary
SQL injection vulnerability in usersettings.php in e107 0.7.13 and earlier allows remote authenticated users to execute arbitrary SQL commands via the ue[] parameter.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
e107 | e107 | * | |
e107 | e107 | 0.7 | |
e107 | e107 | 0.7.1 | |
e107 | e107 | 0.7.2 | |
e107 | e107 | 0.7.3 | |
e107 | e107 | 0.7.4 | |
e107 | e107 | 0.7.5 | |
e107 | e107 | 0.7.6 | |
e107 | e107 | 0.7.7 | |
e107 | e107 | 0.7.8 | |
e107 | e107 | 0.7.9 | |
e107 | e107 | 0.7.10 | |
e107 | e107 | 0.7.11 | |
e107 | e107 | 0.547_beta | |
e107 | e107 | 0.548_beta | |
e107 | e107 | 0.549_beta | |
e107 | e107 | 0.551_beta | |
e107 | e107 | 0.552_beta | |
e107 | e107 | 0.553_beta | |
e107 | e107 | 0.554_beta | |
e107 | e107 | 0.555_beta | |
e107 | e107 | 0.600 | |
e107 | e107 | 0.601 | |
e107 | e107 | 0.602 | |
e107 | e107 | 0.603 | |
e107 | e107 | 0.604 | |
e107 | e107 | 0.605 | |
e107 | e107 | 0.606 | |
e107 | e107 | 0.607 | |
e107 | e107 | 0.608 | |
e107 | e107 | 0.609 | |
e107 | e107 | 0.610 | |
e107 | e107 | 0.611 | |
e107 | e107 | 0.612 | |
e107 | e107 | 0.613 | |
e107 | e107 | 0.614 | |
e107 | e107 | 0.615 | |
e107 | e107 | 0.615a | |
e107 | e107 | 0.616 | |
e107 | e107 | 0.617 | |
e107 | e107 | 0.6171 | |
e107 | e107 | 0.6172 | |
e107 | e107 | 0.6173 | |
e107 | e107 | 0.6174 | |
e107 | e107 | 0.6175 | |
e107 | e107 | 5.1 | |
e107 | e107 | 5.3_beta | |
e107 | e107 | 5.3_beta2 | |
e107 | e107 | 5.04 | |
e107 | e107 | 5.4_beta1 | |
e107 | e107 | 5.4_beta3 | |
e107 | e107 | 5.4_beta4 | |
e107 | e107 | 5.4_beta5 | |
e107 | e107 | 5.4_beta6 | |
e107 | e107 | 5.05 | |
e107 | e107 | 5.21 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:*:*:*:*:*:*:*:*", "matchCriteriaId": "3C676F07-E60C-405B-9200-C58A5286D818", "versionEndIncluding": "0.7.13", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "70AB914E-D616-45D2-A451-1C247B8B6E4C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "CA03C1AC-97EA-47ED-9558-A7CA48420AB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "32695A82-B042-46B7-9CB4-20F3446E0C9E", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "6716A040-0CBE-4402-AB2A-1621B1240B0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "81627355-AB45-4D47-8DD2-4087E6971EF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "D2DAAA4F-B893-4914-8538-E68DDA211225", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B649DDC6-EEE6-47E1-A69A-831E5C2DD58C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "2FEEC90E-8640-4786-B014-CAD83EC4F2E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "E29B9B12-4C94-4A8D-B407-2D288502EFE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.9:*:*:*:*:*:*:*", "matchCriteriaId": "C5CAADA1-1FBB-4983-A942-FC4490CE8D8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.10:*:*:*:*:*:*:*", "matchCriteriaId": "B4D7C699-0E92-4D9C-9D8F-87C39A28ACCD", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.11:*:*:*:*:*:*:*", "matchCriteriaId": "5C62F8AD-EA30-441E-B97F-EF8DE640DC1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.547_beta:*:*:*:*:*:*:*", "matchCriteriaId": "437C4251-886C-4E94-B7F6-AE34A0142A76", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.548_beta:*:*:*:*:*:*:*", "matchCriteriaId": "761D4EE9-0D54-4370-BCBC-3C23481C127B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.549_beta:*:*:*:*:*:*:*", "matchCriteriaId": "E11E3F9E-708E-44CB-8FD2-E4961028B732", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.551_beta:*:*:*:*:*:*:*", "matchCriteriaId": "8F38EB42-437C-4381-B36A-FD3DB78E724E", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.552_beta:*:*:*:*:*:*:*", "matchCriteriaId": "ECC957BA-D96C-41B7-9BD4-2ECD37C9C924", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.553_beta:*:*:*:*:*:*:*", "matchCriteriaId": "1E9E9AC1-5ECD-448F-B72A-1CE8228C2C22", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.554_beta:*:*:*:*:*:*:*", "matchCriteriaId": "0FC4B3A4-2563-4C06-A484-5C02CD8F7408", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.555_beta:*:*:*:*:*:*:*", "matchCriteriaId": "CC274184-AD8E-4BC2-BC6A-4E64F354BFFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.600:*:*:*:*:*:*:*", "matchCriteriaId": "7E80F85C-61AD-49C0-9EBF-B79F728F6A97", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.601:*:*:*:*:*:*:*", "matchCriteriaId": "3FE097FC-A525-4599-9FDA-1A011EECE767", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.602:*:*:*:*:*:*:*", "matchCriteriaId": "9FF51B0D-E020-491D-92A9-D2A01A7417AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.603:*:*:*:*:*:*:*", "matchCriteriaId": "F8692341-8DF2-4943-853A-4AAF1F313914", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.604:*:*:*:*:*:*:*", "matchCriteriaId": "75197306-53DB-4C94-959B-C46D3FB1F42B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.605:*:*:*:*:*:*:*", "matchCriteriaId": "D0C5C91C-C1C5-457D-9E09-24C7CACCC280", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.606:*:*:*:*:*:*:*", "matchCriteriaId": "6EB88C92-4F62-471A-8C10-C13C890E764F", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:e107:e107:0.607:*:*:*:*:*:*:*", "matchCriteriaId": "5585DC36-C65F-4FCA-B26F-E4A7901863E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.608:*:*:*:*:*:*:*", "matchCriteriaId": "2C7DD56C-66F7-421C-B211-07C7856112C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.609:*:*:*:*:*:*:*", "matchCriteriaId": "8E14B108-228D-454F-AF16-9D9086E4C10B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.610:*:*:*:*:*:*:*", "matchCriteriaId": "04C91C45-9A96-4E69-8A0A-D619AB45BC08", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.611:*:*:*:*:*:*:*", "matchCriteriaId": "5F7C68F4-9ECD-41A9-B4AE-48F028841428", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.612:*:*:*:*:*:*:*", "matchCriteriaId": "28B75E28-08DE-4CA2-A60B-FB2F61AEC5BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.613:*:*:*:*:*:*:*", "matchCriteriaId": "B9AA824A-CEE6-460B-A668-92FC3A822305", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.614:*:*:*:*:*:*:*", "matchCriteriaId": "6A51FBB3-42CE-40E1-A15D-ADDFBF8E203D", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.615:*:*:*:*:*:*:*", "matchCriteriaId": "BEAC1FD5-ECD1-480C-827E-F1AE8484C4EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.615a:*:*:*:*:*:*:*", "matchCriteriaId": "D17F613A-6BE1-4B45-8E40-8E44E0EEA756", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.616:*:*:*:*:*:*:*", "matchCriteriaId": "B5CB33E9-9AB8-482A-A196-768A2085A49C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.617:*:*:*:*:*:*:*", "matchCriteriaId": "12BD5CAD-0EB8-48F2-AF80-510584A83446", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6171:*:*:*:*:*:*:*", "matchCriteriaId": "AD8CD2A8-C8E8-4A5F-8355-6DF45C9DF45C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6172:*:*:*:*:*:*:*", "matchCriteriaId": "92E294FE-F0A2-45FC-BB67-D988DD89D2AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6173:*:*:*:*:*:*:*", 
"matchCriteriaId": "9640315B-7F04-4F5A-B213-8FAF509DFF01", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6174:*:*:*:*:*:*:*", "matchCriteriaId": "CA89549A-6CD7-4DDB-A8C8-ADF103F6CDFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6175:*:*:*:*:*:*:*", "matchCriteriaId": "DF75A192-81C1-4F58-A660-7EFE4F33E58B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "4189588A-A887-4D27-B3A0-48A3DBBD5E67", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:5.3_beta:*:*:*:*:*:*:*", "matchCriteriaId": "AA26A71E-F1E6-4EA0-9165-F7989FB89B15", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:5.3_beta2:*:*:*:*:*:*:*", "matchCriteriaId": "9C90BAB9-2ACE-48E4-BC15-E88C2C370B15", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:5.04:*:*:*:*:*:*:*", "matchCriteriaId": "DFD219A3-4958-4EA9-A914-37D4F0A8A24D", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:5.4_beta1:*:*:*:*:*:*:*", "matchCriteriaId": "3417C70B-E531-49C8-971E-CC349FB5AA1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:5.4_beta3:*:*:*:*:*:*:*", "matchCriteriaId": "CB5EF2F8-0A65-4C8C-A4A3-9B9B1151509C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:5.4_beta4:*:*:*:*:*:*:*", "matchCriteriaId": "62FBE3F6-7685-43BA-B63B-28AA79330323", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:5.4_beta5:*:*:*:*:*:*:*", "matchCriteriaId": "94CC3B56-F1FC-452A-A0A7-4CF60089C1E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:5.4_beta6:*:*:*:*:*:*:*", "matchCriteriaId": "7524B12E-3D05-4CD1-B582-8A66EEC3F6DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:5.05:*:*:*:*:*:*:*", "matchCriteriaId": "590FE150-07AF-4E25-B8F8-D0E8500D73B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:5.21:*:*:*:*:*:*:*", "matchCriteriaId": "F515DEBF-B55A-4B42-8E1F-AB9A2C3DD8DF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", 
"value": "SQL injection vulnerability in usersettings.php in e107 0.7.13 and earlier allows remote authenticated users to execute arbitrary SQL commands via the ue[] parameter." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en el archivo usersettings.php en e107 0.7.13 y versiones anteriores, permite a los usuarios remotos autentificados ejecutar arbitrariamente comandos SQL a trav\u00e9s del par\u00e1metro ue[]." } ], "id": "CVE-2008-5320", "lastModified": "2024-11-21T00:53:49.330", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-12-03T19:30:00.393", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/32322" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/4683" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/31821" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/2860" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45967" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/6791" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/32322" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/4683" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/31821" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/2860" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45967" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/6791" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-02-20 01:30
Modified
2024-11-21 00:55
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in submitnews.php in e107 CMS 0.7.11 allows remote attackers to inject arbitrary web script or HTML via the (1) author_name, (2) itemtitle, and (3) item parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:0.7.11:*:*:*:*:*:*:*", "matchCriteriaId": "5C62F8AD-EA30-441E-B97F-EF8DE640DC1B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in submitnews.php in e107 CMS 0.7.11 allows remote attackers to inject arbitrary web script or HTML via the (1) author_name, (2) itemtitle, and (3) item parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en submitnews.php en e107 CMS v0.7.11 permite a atacantes remotos inyectar web script o HTML de su elecci\u00f3n a trav\u00e9s de los par\u00e1metros (1) author_name, (2) itemtitle, y (3) item.\r\nNOTA: la procedencia de esta informaci\u00f3n es desconocida; los detalles han sido obtenidos solamente a partir de la informaci\u00f3n de terceros." 
} ], "id": "CVE-2008-6208", "lastModified": "2024-11-21T00:55:56.620", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2009-02-20T01:30:05.170", "references": [ { "source": "cve@mitre.org", "url": "http://www.juniper.net/security/auto/vulnerabilities/vuln28982.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/28982" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42248" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.juniper.net/security/auto/vulnerabilities/vuln28982.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/28982" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42248" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-02-10 06:59
Modified
2024-11-21 00:55
Severity ?
Summary
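SQL injection vulnerability in e107chat.php in the eChat plugin 4.2 for e107, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the nick parameter. (magic_quotes_gpc was removed in PHP 5.4, so on later PHP versions this precondition always holds and gives no protection.)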
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
123flashchat | echat_plugin | 4.2 | |
e107 | e107 | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:123flashchat:echat_plugin:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "72481E3E-5490-4897-AA74-BB6FDABCF87C", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:*:*:*:*:*:*:*:*", "matchCriteriaId": "2ED52F96-48B9-4111-AAEB-4E9190114802", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in e107chat.php in the eChat plugin 4.2 for e107, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the nick parameter." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en e107chat.php en el componente eChat v4.2 para e107, cuando magic_quotes_gpc est\u00e1 deshabilitado, permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro \"nick\"." } ], "id": "CVE-2008-6069", "lastModified": "2024-11-21T00:55:35.520", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-02-10T06:59:34.217", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/30561" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/493126/100/0/threaded" }, { "source": "cve@mitre.org", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/42883" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/30561" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/493126/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42883" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-08-28 19:29
Modified
2024-11-21 03:51
Severity ?
Summary
e107 2.1.8 has CSRF in 'usersettings.php' with an impact of changing details such as passwords of users including administrators.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/dhananjay-bajaj/e107_2.1.8_csrf | Third Party Advisory | |
nvd@nist.gov | https://github.com/dhananjay-bajaj/e107_2.1.8_csrf/blob/master/E107_v2.1.8_CSRF_POC.pdf | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/dhananjay-bajaj/e107_2.1.8_csrf | Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:2.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "6C0ECC71-9F7A-4634-B3DD-A6C60C1DA78C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "e107 2.1.8 has CSRF in \u0027usersettings.php\u0027 with an impact of changing details such as passwords of users including administrators." }, { "lang": "es", "value": "e107 2.1.8 tiene Cross-Site Request Forgery (CSRF) en \"usersettings.php\" que afecta al cambio de detalles como las contrase\u00f1as de los usuarios, incluyendo a los administradores." } ], "id": "CVE-2018-15901", "lastModified": "2024-11-21T03:51:40.917", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-08-28T19:29:18.787", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://github.com/dhananjay-bajaj/e107_2.1.8_csrf" }, { "source": 
"nvd@nist.gov", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/dhananjay-bajaj/e107_2.1.8_csrf/blob/master/E107_v2.1.8_CSRF_POC.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/dhananjay-bajaj/e107_2.1.8_csrf" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-01-03 11:54
Modified
2024-11-21 01:46
Severity ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in e107_admin/download.php in e107 1.0.2 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the (1) download_url, (2) download_url_extended, (3) download_author_email, (4) download_author_website, (5) download_image, (6) download_thumb, (7) download_visible, or (8) download_class parameter.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "8B72F4ED-2B19-4D51-9411-39FFACA94DD6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in e107_admin/download.php in e107 1.0.2 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the (1) download_url, (2) download_url_extended, (3) download_author_email, (4) download_author_website, (5) download_image, (6) download_thumb, (7) download_visible, or (8) download_class parameter." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de fasificaci\u00f3n de peticiones en sitios cruzados (CSRF) en e107_admin/download.php en e107 v1.0.2 permite a atacantes remotos secuestrar la autenticaci\u00f3n de los administradores de las peticiones que realizan los ataques de inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro (1) download_url, (2) download_url_extended, (3) download_author_email, (4) download_author_website, (5) download_image, (6) download_thumb, (7) download_visible, o (8) download_class parameter." 
} ], "id": "CVE-2012-6434", "lastModified": "2024-11-21T01:46:07.140", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2013-01-03T11:54:26.573", "references": [ { "source": "cve@mitre.org", "url": "http://e107.org/changelog" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.7/e107_admin/download.php?sortdir=down\u0026r1=13037\u0026r2=13058\u0026sortby=rev" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.exploit-db.com/exploits/23829/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://e107.org/changelog" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.7/e107_admin/download.php?sortdir=down\u0026r1=13037\u0026r2=13058\u0026sortby=rev" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.exploit-db.com/exploits/23829/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-09-12 16:29
Modified
2024-11-21 03:52
Severity ?
Summary
e107_admin/banlist.php in e107 2.1.8 allows SQL injection via the old_ip parameter.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:2.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "6C0ECC71-9F7A-4634-B3DD-A6C60C1DA78C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "e107_admin/banlist.php in e107 2.1.8 allows SQL injection via the old_ip parameter." }, { "lang": "es", "value": "e107_admin/banlist.php en e107 2.1.8 permite la inyecci\u00f3n SQL mediante el par\u00e1metro old_ip" } ], "id": "CVE-2018-16389", "lastModified": "2024-11-21T03:52:39.523", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 1.2, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-09-12T16:29:02.490", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://gist.github.com/ommadawn46/51e08e13e6980dcbcffb4322c29b93d0" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": 
"https://github.com/e107inc/e107/commit/ec483e9379aa622bfcc1b853b189c74288771f27" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://gist.github.com/ommadawn46/51e08e13e6980dcbcffb4322c29b93d0" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://github.com/e107inc/e107/commit/ec483e9379aa622bfcc1b853b189c74288771f27" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-08-31 22:55
Modified
2024-11-21 01:33
Severity ?
Summary
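Cross-site request forgery (CSRF) vulnerability in e107_admin/users_extended.php in e107 before 0.7.26 allows remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences via the user_include parameter. (The CPE configuration in the record below ends at 0.7.24 via versionEndIncluding, so a release after 0.7.24 but before 0.7.26 is inside the range stated here yet outside the CPE match.)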
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
e107 | e107 | * | |
e107 | e107 | 0.7 | |
e107 | e107 | 0.7.0 | |
e107 | e107 | 0.7.1 | |
e107 | e107 | 0.7.2 | |
e107 | e107 | 0.7.3 | |
e107 | e107 | 0.7.4 | |
e107 | e107 | 0.7.5 | |
e107 | e107 | 0.7.6 | |
e107 | e107 | 0.7.7 | |
e107 | e107 | 0.7.8 | |
e107 | e107 | 0.7.9 | |
e107 | e107 | 0.7.10 | |
e107 | e107 | 0.7.11 | |
e107 | e107 | 0.7.12 | |
e107 | e107 | 0.7.13 | |
e107 | e107 | 0.7.14 | |
e107 | e107 | 0.7.15 | |
e107 | e107 | 0.7.16 | |
e107 | e107 | 0.7.17 | |
e107 | e107 | 0.7.18 | |
e107 | e107 | 0.7.19 | |
e107 | e107 | 0.7.20 | |
e107 | e107 | 0.7.21 | |
e107 | e107 | 0.7.22 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:*:*:*:*:*:*:*:*", "matchCriteriaId": "2DC38566-37E2-4BA6-9774-1D728633145D", "versionEndIncluding": "0.7.24", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "70AB914E-D616-45D2-A451-1C247B8B6E4C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "CA5B2762-4A7C-45EE-8A1B-0E7939978321", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "CA03C1AC-97EA-47ED-9558-A7CA48420AB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "32695A82-B042-46B7-9CB4-20F3446E0C9E", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "6716A040-0CBE-4402-AB2A-1621B1240B0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "81627355-AB45-4D47-8DD2-4087E6971EF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "D2DAAA4F-B893-4914-8538-E68DDA211225", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B649DDC6-EEE6-47E1-A69A-831E5C2DD58C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "2FEEC90E-8640-4786-B014-CAD83EC4F2E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "E29B9B12-4C94-4A8D-B407-2D288502EFE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.9:*:*:*:*:*:*:*", "matchCriteriaId": "C5CAADA1-1FBB-4983-A942-FC4490CE8D8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.10:*:*:*:*:*:*:*", "matchCriteriaId": "B4D7C699-0E92-4D9C-9D8F-87C39A28ACCD", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.11:*:*:*:*:*:*:*", "matchCriteriaId": "5C62F8AD-EA30-441E-B97F-EF8DE640DC1B", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.12:*:*:*:*:*:*:*", "matchCriteriaId": "F96C30A8-7E56-4806-B8D7-851D75B08738", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.13:*:*:*:*:*:*:*", "matchCriteriaId": "F1C22711-AEC4-438F-9B37-64D36B0BDFC9", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.14:*:*:*:*:*:*:*", "matchCriteriaId": "5E2AA435-E5FC-4555-B582-5C6FFC99327B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.15:*:*:*:*:*:*:*", "matchCriteriaId": "7A81364B-FB65-4591-ACA3-9D5991F0C30C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.16:*:*:*:*:*:*:*", "matchCriteriaId": "069F5C7C-F549-4B92-A1EA-6310CCF64334", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.17:*:*:*:*:*:*:*", "matchCriteriaId": "46EF46A3-7197-4C00-8298-9B938B6EE97B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.18:*:*:*:*:*:*:*", "matchCriteriaId": "B242DBD4-299A-49BC-B399-6C48E04D10DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.19:*:*:*:*:*:*:*", "matchCriteriaId": "756D821D-63CA-4DCC-8335-679290C197BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.20:*:*:*:*:*:*:*", "matchCriteriaId": "FFAB4C3E-EE6F-4603-A829-25138966CADF", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.21:*:*:*:*:*:*:*", "matchCriteriaId": "56459690-0C9E-4049-A20A-E17152913065", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.22:*:*:*:*:*:*:*", "matchCriteriaId": "E15C0202-89BE-44EE-AD44-B3AF8A41671C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in e107_admin/users_extended.php in e107 before 0.7.26 allows remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences via the user_include parameter." 
}, { "lang": "es", "value": "Vulnerabilidad de fasificaci\u00f3n de peticiones en sitios cruzados (CSRF) en e107_admin/users_extended.php en e107 anteriores a v0.7.26 permite a atacantes remotos secuestrar la autenticaci\u00f3n de los usuarios administradores en peticiones para insertar secuencias de comandos en sitios cruzados (XSS) a trav\u00e9s del par\u00e1metro user_include." } ], "id": "CVE-2011-4947", "lastModified": "2024-11-21T01:33:20.833", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-08-31T22:55:01.263", "references": [ { "source": "secalert@redhat.com", "url": "http://e107.org/svn_changelog.php?version=0.7.26" }, { "source": "secalert@redhat.com", "url": "http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.7/e107_admin/users_extended.php?r1=12225\u0026r2=12306" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/03/28/4" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/03/29/3" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68062" }, { "source": "secalert@redhat.com", "url": "https://www.htbridge.com/advisory/multiple_vulnerabilities_in_e107_1.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://e107.org/svn_changelog.php?version=0.7.26" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.7/e107_admin/users_extended.php?r1=12225\u0026r2=12306" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/03/28/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/03/29/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68062" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.htbridge.com/advisory/multiple_vulnerabilities_in_e107_1.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-09-14 21:07
Modified
2024-11-21 00:16
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the query string (PATH_INFO) in (1) contact.php, (2) download.php, (3) admin.php, (4) fpw.php, (5) news.php, (6) search.php, (7) signup.php, (8) submitnews.php, and (9) user.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:0.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "D2DAAA4F-B893-4914-8538-E68DDA211225", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the query string (PATH_INFO) in (1) contact.php, (2) download.php, (3) admin.php, (4) fpw.php, (5) news.php, (6) search.php, (7) signup.php, (8) submitnews.php, and (9) user.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n mediante la cadena de consulta (PATH_INFO) en (1) contact.php, (2) download.php, (3) admin.php, (4) fpw.php, (5) news.php, (6) search.php, (7) signup.php, (8) submitnews.php, y (9) user.php. NOTA: la procedencia de esta informaci\u00f3n es desconocida; los detalles se han obtenido de informaci\u00f3n de terceros." 
} ], "id": "CVE-2006-4794", "lastModified": "2024-11-21T00:16:46.337", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-09-14T21:07:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://www.osvdb.org/30979" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/30980" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/30981" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/30982" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/30983" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/30984" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/30985" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/30986" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/30987" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/19997" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/data/vulnerabilities/exploits/19997.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/30979" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/30980" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/30981" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/30982" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.osvdb.org/30983" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/30984" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/30985" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/30986" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/30987" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/19997" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/data/vulnerabilities/exploits/19997.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-11-06 11:03
Modified
2024-11-21 00:02
Severity ?
Summary
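SQL injection vulnerability in resetcore.php in e107 0.617 through 0.6173 allows remote attackers to execute arbitrary SQL commands, bypass authentication, and inject HTML or script via the (1) a_name parameter or (2) user field of the login page. (The CPE list in the record below names 0.617, 0.6171 and 0.6172 but has no entry for 0.6173, so CPE-based matching does not cover the whole range stated here.)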
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:0.617:*:*:*:*:*:*:*", "matchCriteriaId": "12BD5CAD-0EB8-48F2-AF80-510584A83446", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6171:*:*:*:*:*:*:*", "matchCriteriaId": "AD8CD2A8-C8E8-4A5F-8355-6DF45C9DF45C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6172:*:*:*:*:*:*:*", "matchCriteriaId": "92E294FE-F0A2-45FC-BB67-D988DD89D2AA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in resetcore.php in e107 0.617 through 0.6173 allows remote attackers to execute arbitrary SQL commands, bypass authentication, and inject HTML or script via the (1) a_name parameter or (2) user field of the login page." } ], "id": "CVE-2005-3521", "lastModified": "2024-11-21T00:02:05.830", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-11-06T11:03:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://e107.org/news.php" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=112967223222966\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/17237/" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://securitytracker.com/id?1015069" }, { "source": "cve@mitre.org", "url": 
"http://www.osvdb.org/20070" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/15125" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22780" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://e107.org/news.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=112967223222966\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/17237/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://securitytracker.com/id?1015069" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/20070" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/15125" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22780" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-05-25 10:02
Modified
2024-11-21 00:11
Severity ?
Summary
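Unspecified vulnerability in e107 before 0.7.5 has unknown impact and remote attack vectors related to an "emailing exploit". (The CPE configuration in the record below marks only 0.7.5 itself as vulnerable, which does not match the "before 0.7.5" range stated here; CPE-based matching alone would miss the earlier releases.)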
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:0.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "D2DAAA4F-B893-4914-8538-E68DDA211225", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in e107 before 0.7.5 has unknown impact and remote attack vectors related to an \"emailing exploit\"." } ], "id": "CVE-2006-2591", "lastModified": "2024-11-21T00:11:39.653", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-05-25T10:02:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://e107.org/comment.php?comment.news.788" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/20262" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/25740" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/1963" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://e107.org/comment.php?comment.news.788" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/20262" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/25740" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/1963" } ], 
"sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-06-19 17:15
Modified
2024-11-21 03:54
Severity ?
Summary
An issue was discovered in e107 v2.1.9. There is an XSS attack on e107_admin/comment.php.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/Kiss-sh0t/e107_v2.1.9_XSS_poc | Exploit, Third Party Advisory | |
cve@mitre.org | https://github.com/e107inc/e107/issues/3414 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Kiss-sh0t/e107_v2.1.9_XSS_poc | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/e107inc/e107/issues/3414 | Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:2.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "B2D5032E-949D-493D-97D9-51ED1A990D98", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in e107 v2.1.9. There is a XSS attack on e107_admin/comment.php." }, { "lang": "es", "value": "Se detecto un problema en e107 v2.1.9. Existe un ataque XSS en e107_admin / comment.php." } ], "id": "CVE-2018-17423", "lastModified": "2024-11-21T03:54:22.947", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-06-19T17:15:10.827", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/Kiss-sh0t/e107_v2.1.9_XSS_poc" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://github.com/e107inc/e107/issues/3414" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/Kiss-sh0t/e107_v2.1.9_XSS_poc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/e107inc/e107/issues/3414" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-05-29 04:00
Modified
2024-11-20 23:52
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in e107 0.615 allow remote attackers to inject arbitrary web script or HTML via the (1) LAN_407 parameter to clock_menu.php, (2) "email article to a friend" field, (3) "submit news" field, or (4) avmsg parameter to usersettings.php.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:0.6_15:*:*:*:*:*:*:*", "matchCriteriaId": "061B1AF2-2BA7-49CB-9F8B-91BF5D5B0BF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_15a:*:*:*:*:*:*:*", "matchCriteriaId": "4F77F5E4-8636-41F5-9A80-055CC0FC0346", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in e107 0.615 allow remote attackers to inject arbitrary web script or HTML via the (1) LAN_407 parameter to clock_menu.php, (2) \"email article to a friend\" field, (3) \"submit news\" field, or (4) avmsg parameter to usersettings.php." } ], "id": "CVE-2004-2040", "lastModified": "2024-11-20T23:52:21.370", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-05-29T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=108588043007224\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=full-disclosure\u0026m=108586723116427\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/11740" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.osvdb.org/6526" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.osvdb.org/6527" }, { "source": "cve@mitre.org", "tags": [ "Vendor 
Advisory" ], "url": "http://www.osvdb.org/6528" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/6529" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/10436" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.waraxe.us/index.php?modname=sa\u0026id=31" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16279" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16280" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16281" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=108588043007224\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=full-disclosure\u0026m=108586723116427\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/11740" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.osvdb.org/6526" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.osvdb.org/6527" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.osvdb.org/6528" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/6529" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/10436" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.waraxe.us/index.php?modname=sa\u0026id=31" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16279" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16280" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16281" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-04-27 21:05
Modified
2024-11-21 00:45
Severity ?
Summary
PHP remote file inclusion vulnerability in 123flashchat.php in the 123 Flash Chat 6.8.0 module for e107, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the e107path parameter.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
123flashchat | 123_flash_chat_module | 6.8.0 | |
e107 | e107 | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:123flashchat:123_flash_chat_module:6.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "8D8C7D14-E586-458B-98FE-F23A1182ADAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:*:*:*:*:*:*:*:*", "matchCriteriaId": "2ED52F96-48B9-4111-AAEB-4E9190114802", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "PHP remote file inclusion vulnerability in 123flashchat.php in the 123 Flash Chat 6.8.0 module for e107, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the e107path parameter." }, { "lang": "es", "value": "Vulnerabilidad de inclusi\u00f3n de fichero PHP remoto en 123flashchat.php en el m\u00f3dulo 123 Flash Chat 6.8.0 de e107, cuando \u0027register_globals\u0027 est\u00e1 habilitado, permite a atacantes remotos ejecutar c\u00f3digo PHP de su elecci\u00f3n mediante una URL en el par\u00e1metro \"e107path\"." 
} ], "id": "CVE-2008-1989", "lastModified": "2024-11-21T00:45:49.897", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-04-27T21:05:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29870" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/28828" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41867" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/5459" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29870" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/28828" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41867" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/5459" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-05-29 04:00
Modified
2024-11-20 23:52
Severity ?
Summary
Multiple SQL injection vulnerabilities in e107 0.615 allow remote attackers to inject arbitrary SQL code and gain sensitive information via (1) content parameter to content.php, (2) content_id parameter to content.php, or (3) list parameter to news.php.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:0.615:*:*:*:*:*:*:*", "matchCriteriaId": "BEAC1FD5-ECD1-480C-827E-F1AE8484C4EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.615a:*:*:*:*:*:*:*", "matchCriteriaId": "D17F613A-6BE1-4B45-8E40-8E44E0EEA756", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple SQL injection vulnerabilities in e107 0.615 allow remote attackers to inject arbitrary SQL code and gain sensitive information via (1) content parameter to content.php, (2) content_id parameter to content.php, or (3) list parameter to news.php." } ], "id": "CVE-2004-2042", "lastModified": "2024-11-20T23:52:21.670", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-05-29T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=108588043007224\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=full-disclosure\u0026m=108586723116427\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/11740" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.osvdb.org/6531" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Tool Signature", "Vendor Advisory" ], "url": "http://www.osvdb.org/6532" }, { "source": "cve@mitre.org", 
"tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.osvdb.org/6533" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/10436" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.waraxe.us/index.php?modname=sa\u0026id=31" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16283" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=108588043007224\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=full-disclosure\u0026m=108586723116427\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/11740" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.osvdb.org/6531" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Tool Signature", "Vendor Advisory" ], "url": "http://www.osvdb.org/6532" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.osvdb.org/6533" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/10436" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.waraxe.us/index.php?modname=sa\u0026id=31" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16283" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-09-28 22:30
Modified
2024-11-21 01:07
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in email.php in e107 0.7.16 and earlier allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header in a news.1 (aka news to email) action.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
e107 | e107 | * (up to and including 0.7.16) | |
e107 | e107 | 0.6_10 | |
e107 | e107 | 0.6_11 | |
e107 | e107 | 0.6_12 | |
e107 | e107 | 0.6_13 | |
e107 | e107 | 0.6_14 | |
e107 | e107 | 0.6_15 | |
e107 | e107 | 0.6_15a | |
e107 | e107 | 0.7 | |
e107 | e107 | 0.7.1 | |
e107 | e107 | 0.7.2 | |
e107 | e107 | 0.7.3 | |
e107 | e107 | 0.7.4 | |
e107 | e107 | 0.7.5 | |
e107 | e107 | 0.7.6 | |
e107 | e107 | 0.7.7 | |
e107 | e107 | 0.7.8 | |
e107 | e107 | 0.7.9 | |
e107 | e107 | 0.7.10 | |
e107 | e107 | 0.7.11 | |
e107 | e107 | 0.7.12 | |
e107 | e107 | 0.7.13 | |
e107 | e107 | 0.7.14 | |
e107 | e107 | 0.7.15 | |
e107 | e107 | 0.545 | |
e107 | e107 | 0.547_beta | |
e107 | e107 | 0.548_beta | |
e107 | e107 | 0.549_beta | |
e107 | e107 | 0.551_beta | |
e107 | e107 | 0.552_beta | |
e107 | e107 | 0.553_beta | |
e107 | e107 | 0.554 | |
e107 | e107 | 0.554_beta | |
e107 | e107 | 0.555_beta | |
e107 | e107 | 0.600 | |
e107 | e107 | 0.601 | |
e107 | e107 | 0.602 | |
e107 | e107 | 0.603 | |
e107 | e107 | 0.604 | |
e107 | e107 | 0.605 | |
e107 | e107 | 0.606 | |
e107 | e107 | 0.607 | |
e107 | e107 | 0.608 | |
e107 | e107 | 0.609 | |
e107 | e107 | 0.610 | |
e107 | e107 | 0.611 | |
e107 | e107 | 0.612 | |
e107 | e107 | 0.613 | |
e107 | e107 | 0.614 | |
e107 | e107 | 0.615 | |
e107 | e107 | 0.615a | |
e107 | e107 | 0.616 | |
e107 | e107 | 0.617 | |
e107 | e107 | 0.6171 | |
e107 | e107 | 0.6172 | |
e107 | e107 | 0.6173 | |
e107 | e107 | 0.6174 | |
e107 | e107 | 0.6175 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:*:*:*:*:*:*:*:*", "matchCriteriaId": "358194A8-3BAB-4CA7-9546-C5A598FA911C", "versionEndIncluding": "0.7.16", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_10:*:*:*:*:*:*:*", "matchCriteriaId": "18C34EB0-7685-4346-81A2-371C1F19F6AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_11:*:*:*:*:*:*:*", "matchCriteriaId": "AB26A2A4-B0DE-4130-AA5F-76D5394A0614", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_12:*:*:*:*:*:*:*", "matchCriteriaId": "90909932-AD39-4648-8621-5866F0C4AB12", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_13:*:*:*:*:*:*:*", "matchCriteriaId": "37F208E9-3C39-4D00-B1E0-5CD0B315E740", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_14:*:*:*:*:*:*:*", "matchCriteriaId": "27C7402F-54C9-4FDA-B181-85941DDC7010", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_15:*:*:*:*:*:*:*", "matchCriteriaId": "061B1AF2-2BA7-49CB-9F8B-91BF5D5B0BF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_15a:*:*:*:*:*:*:*", "matchCriteriaId": "4F77F5E4-8636-41F5-9A80-055CC0FC0346", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "70AB914E-D616-45D2-A451-1C247B8B6E4C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "CA03C1AC-97EA-47ED-9558-A7CA48420AB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "32695A82-B042-46B7-9CB4-20F3446E0C9E", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "6716A040-0CBE-4402-AB2A-1621B1240B0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "81627355-AB45-4D47-8DD2-4087E6971EF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "D2DAAA4F-B893-4914-8538-E68DDA211225", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B649DDC6-EEE6-47E1-A69A-831E5C2DD58C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "2FEEC90E-8640-4786-B014-CAD83EC4F2E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "E29B9B12-4C94-4A8D-B407-2D288502EFE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.9:*:*:*:*:*:*:*", "matchCriteriaId": "C5CAADA1-1FBB-4983-A942-FC4490CE8D8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.10:*:*:*:*:*:*:*", "matchCriteriaId": "B4D7C699-0E92-4D9C-9D8F-87C39A28ACCD", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.11:*:*:*:*:*:*:*", "matchCriteriaId": "5C62F8AD-EA30-441E-B97F-EF8DE640DC1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.12:*:*:*:*:*:*:*", "matchCriteriaId": "F96C30A8-7E56-4806-B8D7-851D75B08738", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.13:*:*:*:*:*:*:*", "matchCriteriaId": "F1C22711-AEC4-438F-9B37-64D36B0BDFC9", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.14:*:*:*:*:*:*:*", "matchCriteriaId": "5E2AA435-E5FC-4555-B582-5C6FFC99327B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.15:*:*:*:*:*:*:*", "matchCriteriaId": "7A81364B-FB65-4591-ACA3-9D5991F0C30C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.545:*:*:*:*:*:*:*", "matchCriteriaId": "8DDD8B3B-8580-4624-8D77-E3FD97DFF4A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.547_beta:*:*:*:*:*:*:*", "matchCriteriaId": "437C4251-886C-4E94-B7F6-AE34A0142A76", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.548_beta:*:*:*:*:*:*:*", "matchCriteriaId": "761D4EE9-0D54-4370-BCBC-3C23481C127B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.549_beta:*:*:*:*:*:*:*", "matchCriteriaId": "E11E3F9E-708E-44CB-8FD2-E4961028B732", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:e107:e107:0.551_beta:*:*:*:*:*:*:*", "matchCriteriaId": "8F38EB42-437C-4381-B36A-FD3DB78E724E", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.552_beta:*:*:*:*:*:*:*", "matchCriteriaId": "ECC957BA-D96C-41B7-9BD4-2ECD37C9C924", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.553_beta:*:*:*:*:*:*:*", "matchCriteriaId": "1E9E9AC1-5ECD-448F-B72A-1CE8228C2C22", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.554:*:*:*:*:*:*:*", "matchCriteriaId": "6454D949-83A2-4F69-92E1-BBCD84F21BC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.554_beta:*:*:*:*:*:*:*", "matchCriteriaId": "0FC4B3A4-2563-4C06-A484-5C02CD8F7408", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.555_beta:*:*:*:*:*:*:*", "matchCriteriaId": "CC274184-AD8E-4BC2-BC6A-4E64F354BFFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.600:*:*:*:*:*:*:*", "matchCriteriaId": "7E80F85C-61AD-49C0-9EBF-B79F728F6A97", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.601:*:*:*:*:*:*:*", "matchCriteriaId": "3FE097FC-A525-4599-9FDA-1A011EECE767", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.602:*:*:*:*:*:*:*", "matchCriteriaId": "9FF51B0D-E020-491D-92A9-D2A01A7417AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.603:*:*:*:*:*:*:*", "matchCriteriaId": "F8692341-8DF2-4943-853A-4AAF1F313914", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.604:*:*:*:*:*:*:*", "matchCriteriaId": "75197306-53DB-4C94-959B-C46D3FB1F42B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.605:*:*:*:*:*:*:*", "matchCriteriaId": "D0C5C91C-C1C5-457D-9E09-24C7CACCC280", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.606:*:*:*:*:*:*:*", "matchCriteriaId": "6EB88C92-4F62-471A-8C10-C13C890E764F", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.607:*:*:*:*:*:*:*", "matchCriteriaId": "5585DC36-C65F-4FCA-B26F-E4A7901863E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.608:*:*:*:*:*:*:*", 
"matchCriteriaId": "2C7DD56C-66F7-421C-B211-07C7856112C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.609:*:*:*:*:*:*:*", "matchCriteriaId": "8E14B108-228D-454F-AF16-9D9086E4C10B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.610:*:*:*:*:*:*:*", "matchCriteriaId": "04C91C45-9A96-4E69-8A0A-D619AB45BC08", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.611:*:*:*:*:*:*:*", "matchCriteriaId": "5F7C68F4-9ECD-41A9-B4AE-48F028841428", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.612:*:*:*:*:*:*:*", "matchCriteriaId": "28B75E28-08DE-4CA2-A60B-FB2F61AEC5BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.613:*:*:*:*:*:*:*", "matchCriteriaId": "B9AA824A-CEE6-460B-A668-92FC3A822305", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.614:*:*:*:*:*:*:*", "matchCriteriaId": "6A51FBB3-42CE-40E1-A15D-ADDFBF8E203D", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.615:*:*:*:*:*:*:*", "matchCriteriaId": "BEAC1FD5-ECD1-480C-827E-F1AE8484C4EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.615a:*:*:*:*:*:*:*", "matchCriteriaId": "D17F613A-6BE1-4B45-8E40-8E44E0EEA756", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.616:*:*:*:*:*:*:*", "matchCriteriaId": "B5CB33E9-9AB8-482A-A196-768A2085A49C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.617:*:*:*:*:*:*:*", "matchCriteriaId": "12BD5CAD-0EB8-48F2-AF80-510584A83446", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6171:*:*:*:*:*:*:*", "matchCriteriaId": "AD8CD2A8-C8E8-4A5F-8355-6DF45C9DF45C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6172:*:*:*:*:*:*:*", "matchCriteriaId": "92E294FE-F0A2-45FC-BB67-D988DD89D2AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6173:*:*:*:*:*:*:*", "matchCriteriaId": "9640315B-7F04-4F5A-B213-8FAF509DFF01", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6174:*:*:*:*:*:*:*", "matchCriteriaId": "CA89549A-6CD7-4DDB-A8C8-ADF103F6CDFB", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6175:*:*:*:*:*:*:*", "matchCriteriaId": "DF75A192-81C1-4F58-A660-7EFE4F33E58B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in email.php in e107 0.7.16 and earlier allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header in a news.1 (aka news to email) action." }, { "lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en email.php en e107 v0.7.16 y anteriores, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de la cabecera HTTP Referer en una acci\u00f3n news.1 (tambi\u00e9n conocida como noticias (news) a correo (email)." } ], "id": "CVE-2009-3444", "lastModified": "2024-11-21T01:07:22.160", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2009-09-28T22:30:00.983", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/58363" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/36832" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://websecurity.com.ua/3528" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/506704/100/0/threaded" }, { "source": "cve@mitre.org", "url": 
"http://www.securityfocus.com/bid/36517" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1022947" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/58363" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/36832" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://websecurity.com.ua/3528" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/506704/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/36517" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1022947" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-11-29 13:07
Modified
2024-11-21 01:08
Severity ?
Summary
SQL injection vulnerability in the search feature in e107 0.7.16 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
e107 | e107 | * (up to and including 0.7.16) | |
e107 | e107 | 0.6_10 | |
e107 | e107 | 0.6_11 | |
e107 | e107 | 0.6_12 | |
e107 | e107 | 0.6_13 | |
e107 | e107 | 0.6_14 | |
e107 | e107 | 0.6_15 | |
e107 | e107 | 0.6_15a | |
e107 | e107 | 0.7 | |
e107 | e107 | 0.7.1 | |
e107 | e107 | 0.7.2 | |
e107 | e107 | 0.7.3 | |
e107 | e107 | 0.7.4 | |
e107 | e107 | 0.7.5 | |
e107 | e107 | 0.7.6 | |
e107 | e107 | 0.7.7 | |
e107 | e107 | 0.7.8 | |
e107 | e107 | 0.7.9 | |
e107 | e107 | 0.7.10 | |
e107 | e107 | 0.7.11 | |
e107 | e107 | 0.7.12 | |
e107 | e107 | 0.7.13 | |
e107 | e107 | 0.7.14 | |
e107 | e107 | 0.7.15 | |
e107 | e107 | 0.545 | |
e107 | e107 | 0.547_beta | |
e107 | e107 | 0.548_beta | |
e107 | e107 | 0.549_beta | |
e107 | e107 | 0.551_beta | |
e107 | e107 | 0.552_beta | |
e107 | e107 | 0.553_beta | |
e107 | e107 | 0.554 | |
e107 | e107 | 0.554_beta | |
e107 | e107 | 0.555_beta | |
e107 | e107 | 0.600 | |
e107 | e107 | 0.601 | |
e107 | e107 | 0.602 | |
e107 | e107 | 0.603 | |
e107 | e107 | 0.604 | |
e107 | e107 | 0.605 | |
e107 | e107 | 0.606 | |
e107 | e107 | 0.607 | |
e107 | e107 | 0.608 | |
e107 | e107 | 0.609 | |
e107 | e107 | 0.610 | |
e107 | e107 | 0.611 | |
e107 | e107 | 0.612 | |
e107 | e107 | 0.613 | |
e107 | e107 | 0.614 | |
e107 | e107 | 0.615 | |
e107 | e107 | 0.615a | |
e107 | e107 | 0.616 | |
e107 | e107 | 0.617 | |
e107 | e107 | 0.6171 | |
e107 | e107 | 0.6172 | |
e107 | e107 | 0.6173 | |
e107 | e107 | 0.6174 | |
e107 | e107 | 0.6175 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:*:*:*:*:*:*:*:*", "matchCriteriaId": "358194A8-3BAB-4CA7-9546-C5A598FA911C", "versionEndIncluding": "0.7.16", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_10:*:*:*:*:*:*:*", "matchCriteriaId": "18C34EB0-7685-4346-81A2-371C1F19F6AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_11:*:*:*:*:*:*:*", "matchCriteriaId": "AB26A2A4-B0DE-4130-AA5F-76D5394A0614", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_12:*:*:*:*:*:*:*", "matchCriteriaId": "90909932-AD39-4648-8621-5866F0C4AB12", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_13:*:*:*:*:*:*:*", "matchCriteriaId": "37F208E9-3C39-4D00-B1E0-5CD0B315E740", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_14:*:*:*:*:*:*:*", "matchCriteriaId": "27C7402F-54C9-4FDA-B181-85941DDC7010", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_15:*:*:*:*:*:*:*", "matchCriteriaId": "061B1AF2-2BA7-49CB-9F8B-91BF5D5B0BF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_15a:*:*:*:*:*:*:*", "matchCriteriaId": "4F77F5E4-8636-41F5-9A80-055CC0FC0346", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "70AB914E-D616-45D2-A451-1C247B8B6E4C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "CA03C1AC-97EA-47ED-9558-A7CA48420AB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "32695A82-B042-46B7-9CB4-20F3446E0C9E", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "6716A040-0CBE-4402-AB2A-1621B1240B0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "81627355-AB45-4D47-8DD2-4087E6971EF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "D2DAAA4F-B893-4914-8538-E68DDA211225", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B649DDC6-EEE6-47E1-A69A-831E5C2DD58C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "2FEEC90E-8640-4786-B014-CAD83EC4F2E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "E29B9B12-4C94-4A8D-B407-2D288502EFE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.9:*:*:*:*:*:*:*", "matchCriteriaId": "C5CAADA1-1FBB-4983-A942-FC4490CE8D8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.10:*:*:*:*:*:*:*", "matchCriteriaId": "B4D7C699-0E92-4D9C-9D8F-87C39A28ACCD", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.11:*:*:*:*:*:*:*", "matchCriteriaId": "5C62F8AD-EA30-441E-B97F-EF8DE640DC1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.12:*:*:*:*:*:*:*", "matchCriteriaId": "F96C30A8-7E56-4806-B8D7-851D75B08738", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.13:*:*:*:*:*:*:*", "matchCriteriaId": "F1C22711-AEC4-438F-9B37-64D36B0BDFC9", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.14:*:*:*:*:*:*:*", "matchCriteriaId": "5E2AA435-E5FC-4555-B582-5C6FFC99327B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.15:*:*:*:*:*:*:*", "matchCriteriaId": "7A81364B-FB65-4591-ACA3-9D5991F0C30C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.545:*:*:*:*:*:*:*", "matchCriteriaId": "8DDD8B3B-8580-4624-8D77-E3FD97DFF4A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.547_beta:*:*:*:*:*:*:*", "matchCriteriaId": "437C4251-886C-4E94-B7F6-AE34A0142A76", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.548_beta:*:*:*:*:*:*:*", "matchCriteriaId": "761D4EE9-0D54-4370-BCBC-3C23481C127B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.549_beta:*:*:*:*:*:*:*", "matchCriteriaId": "E11E3F9E-708E-44CB-8FD2-E4961028B732", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:e107:e107:0.551_beta:*:*:*:*:*:*:*", "matchCriteriaId": "8F38EB42-437C-4381-B36A-FD3DB78E724E", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.552_beta:*:*:*:*:*:*:*", "matchCriteriaId": "ECC957BA-D96C-41B7-9BD4-2ECD37C9C924", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.553_beta:*:*:*:*:*:*:*", "matchCriteriaId": "1E9E9AC1-5ECD-448F-B72A-1CE8228C2C22", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.554:*:*:*:*:*:*:*", "matchCriteriaId": "6454D949-83A2-4F69-92E1-BBCD84F21BC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.554_beta:*:*:*:*:*:*:*", "matchCriteriaId": "0FC4B3A4-2563-4C06-A484-5C02CD8F7408", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.555_beta:*:*:*:*:*:*:*", "matchCriteriaId": "CC274184-AD8E-4BC2-BC6A-4E64F354BFFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.600:*:*:*:*:*:*:*", "matchCriteriaId": "7E80F85C-61AD-49C0-9EBF-B79F728F6A97", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.601:*:*:*:*:*:*:*", "matchCriteriaId": "3FE097FC-A525-4599-9FDA-1A011EECE767", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.602:*:*:*:*:*:*:*", "matchCriteriaId": "9FF51B0D-E020-491D-92A9-D2A01A7417AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.603:*:*:*:*:*:*:*", "matchCriteriaId": "F8692341-8DF2-4943-853A-4AAF1F313914", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.604:*:*:*:*:*:*:*", "matchCriteriaId": "75197306-53DB-4C94-959B-C46D3FB1F42B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.605:*:*:*:*:*:*:*", "matchCriteriaId": "D0C5C91C-C1C5-457D-9E09-24C7CACCC280", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.606:*:*:*:*:*:*:*", "matchCriteriaId": "6EB88C92-4F62-471A-8C10-C13C890E764F", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.607:*:*:*:*:*:*:*", "matchCriteriaId": "5585DC36-C65F-4FCA-B26F-E4A7901863E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.608:*:*:*:*:*:*:*", 
"matchCriteriaId": "2C7DD56C-66F7-421C-B211-07C7856112C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.609:*:*:*:*:*:*:*", "matchCriteriaId": "8E14B108-228D-454F-AF16-9D9086E4C10B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.610:*:*:*:*:*:*:*", "matchCriteriaId": "04C91C45-9A96-4E69-8A0A-D619AB45BC08", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.611:*:*:*:*:*:*:*", "matchCriteriaId": "5F7C68F4-9ECD-41A9-B4AE-48F028841428", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.612:*:*:*:*:*:*:*", "matchCriteriaId": "28B75E28-08DE-4CA2-A60B-FB2F61AEC5BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.613:*:*:*:*:*:*:*", "matchCriteriaId": "B9AA824A-CEE6-460B-A668-92FC3A822305", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.614:*:*:*:*:*:*:*", "matchCriteriaId": "6A51FBB3-42CE-40E1-A15D-ADDFBF8E203D", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.615:*:*:*:*:*:*:*", "matchCriteriaId": "BEAC1FD5-ECD1-480C-827E-F1AE8484C4EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.615a:*:*:*:*:*:*:*", "matchCriteriaId": "D17F613A-6BE1-4B45-8E40-8E44E0EEA756", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.616:*:*:*:*:*:*:*", "matchCriteriaId": "B5CB33E9-9AB8-482A-A196-768A2085A49C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.617:*:*:*:*:*:*:*", "matchCriteriaId": "12BD5CAD-0EB8-48F2-AF80-510584A83446", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6171:*:*:*:*:*:*:*", "matchCriteriaId": "AD8CD2A8-C8E8-4A5F-8355-6DF45C9DF45C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6172:*:*:*:*:*:*:*", "matchCriteriaId": "92E294FE-F0A2-45FC-BB67-D988DD89D2AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6173:*:*:*:*:*:*:*", "matchCriteriaId": "9640315B-7F04-4F5A-B213-8FAF509DFF01", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6174:*:*:*:*:*:*:*", "matchCriteriaId": "CA89549A-6CD7-4DDB-A8C8-ADF103F6CDFB", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6175:*:*:*:*:*:*:*", "matchCriteriaId": "DF75A192-81C1-4F58-A660-7EFE4F33E58B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in the search feature in e107 0.7.16 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en la caracter\u00edstica de b\u00fasqueda en e107 v0.7.16 y anteriores permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de vectores vectores no especificados." } ], "id": "CVE-2009-4084", "lastModified": "2024-11-21T01:08:53.717", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-11-29T13:07:34.750", "references": [ { "source": "cve@mitre.org", "url": "http://blog.bkis.com/e107-multiple-vulnerabilities/" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/508007/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/37087" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54373" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://blog.bkis.com/e107-multiple-vulnerabilities/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.securityfocus.com/archive/1/508007/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/37087" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54373" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-03-15 17:55
Modified
2024-11-21 01:24
Severity: MEDIUM (CVSS v2 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:P/A:N, user interaction required)
Summary
Cross-site scripting (XSS) vulnerability in e107 0.7.22 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
e107 | e107 | * (all versions up to and including 0.7.22) | |
e107 | e107 | 0.6_10 | |
e107 | e107 | 0.6_11 | |
e107 | e107 | 0.6_12 | |
e107 | e107 | 0.6_13 | |
e107 | e107 | 0.6_14 | |
e107 | e107 | 0.6_15 | |
e107 | e107 | 0.6_15a | |
e107 | e107 | 0.7 | |
e107 | e107 | 0.7.0 | |
e107 | e107 | 0.7.1 | |
e107 | e107 | 0.7.2 | |
e107 | e107 | 0.7.3 | |
e107 | e107 | 0.7.4 | |
e107 | e107 | 0.7.5 | |
e107 | e107 | 0.7.6 | |
e107 | e107 | 0.7.7 | |
e107 | e107 | 0.7.8 | |
e107 | e107 | 0.7.9 | |
e107 | e107 | 0.7.10 | |
e107 | e107 | 0.7.11 | |
e107 | e107 | 0.7.12 | |
e107 | e107 | 0.7.13 | |
e107 | e107 | 0.7.14 | |
e107 | e107 | 0.7.15 | |
e107 | e107 | 0.7.16 | |
e107 | e107 | 0.7.17 | |
e107 | e107 | 0.7.18 | |
e107 | e107 | 0.7.19 | |
e107 | e107 | 0.7.20 | |
e107 | e107 | 0.7.21 | |
e107 | e107 | 0.545 | |
e107 | e107 | 0.547 beta | |
e107 | e107 | 0.548 beta | |
e107 | e107 | 0.549 beta | |
e107 | e107 | 0.551 beta | |
e107 | e107 | 0.552 beta | |
e107 | e107 | 0.553 beta | |
e107 | e107 | 0.554 | |
e107 | e107 | 0.554 beta | |
e107 | e107 | 0.555 beta | |
e107 | e107 | 0.600 | |
e107 | e107 | 0.601 | |
e107 | e107 | 0.602 | |
e107 | e107 | 0.603 | |
e107 | e107 | 0.604 | |
e107 | e107 | 0.605 | |
e107 | e107 | 0.606 | |
e107 | e107 | 0.607 | |
e107 | e107 | 0.608 | |
e107 | e107 | 0.609 | |
e107 | e107 | 0.610 | |
e107 | e107 | 0.611 | |
e107 | e107 | 0.612 | |
e107 | e107 | 0.613 | |
e107 | e107 | 0.614 | |
e107 | e107 | 0.615 | |
e107 | e107 | 0.615a | |
e107 | e107 | 0.616 | |
e107 | e107 | 0.617 | |
e107 | e107 | 0.6171 | |
e107 | e107 | 0.6172 | |
e107 | e107 | 0.6173 | |
e107 | e107 | 0.6174 | |
e107 | e107 | 0.6175 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:*:*:*:*:*:*:*:*", "matchCriteriaId": "0E3AB3F8-1540-4078-B618-419419A1B942", "versionEndIncluding": "0.7.22", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_10:*:*:*:*:*:*:*", "matchCriteriaId": "18C34EB0-7685-4346-81A2-371C1F19F6AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_11:*:*:*:*:*:*:*", "matchCriteriaId": "AB26A2A4-B0DE-4130-AA5F-76D5394A0614", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_12:*:*:*:*:*:*:*", "matchCriteriaId": "90909932-AD39-4648-8621-5866F0C4AB12", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_13:*:*:*:*:*:*:*", "matchCriteriaId": "37F208E9-3C39-4D00-B1E0-5CD0B315E740", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_14:*:*:*:*:*:*:*", "matchCriteriaId": "27C7402F-54C9-4FDA-B181-85941DDC7010", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_15:*:*:*:*:*:*:*", "matchCriteriaId": "061B1AF2-2BA7-49CB-9F8B-91BF5D5B0BF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_15a:*:*:*:*:*:*:*", "matchCriteriaId": "4F77F5E4-8636-41F5-9A80-055CC0FC0346", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "70AB914E-D616-45D2-A451-1C247B8B6E4C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "CA5B2762-4A7C-45EE-8A1B-0E7939978321", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "CA03C1AC-97EA-47ED-9558-A7CA48420AB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "32695A82-B042-46B7-9CB4-20F3446E0C9E", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "6716A040-0CBE-4402-AB2A-1621B1240B0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "81627355-AB45-4D47-8DD2-4087E6971EF2", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "D2DAAA4F-B893-4914-8538-E68DDA211225", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B649DDC6-EEE6-47E1-A69A-831E5C2DD58C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "2FEEC90E-8640-4786-B014-CAD83EC4F2E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "E29B9B12-4C94-4A8D-B407-2D288502EFE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.9:*:*:*:*:*:*:*", "matchCriteriaId": "C5CAADA1-1FBB-4983-A942-FC4490CE8D8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.10:*:*:*:*:*:*:*", "matchCriteriaId": "B4D7C699-0E92-4D9C-9D8F-87C39A28ACCD", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.11:*:*:*:*:*:*:*", "matchCriteriaId": "5C62F8AD-EA30-441E-B97F-EF8DE640DC1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.12:*:*:*:*:*:*:*", "matchCriteriaId": "F96C30A8-7E56-4806-B8D7-851D75B08738", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.13:*:*:*:*:*:*:*", "matchCriteriaId": "F1C22711-AEC4-438F-9B37-64D36B0BDFC9", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.14:*:*:*:*:*:*:*", "matchCriteriaId": "5E2AA435-E5FC-4555-B582-5C6FFC99327B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.15:*:*:*:*:*:*:*", "matchCriteriaId": "7A81364B-FB65-4591-ACA3-9D5991F0C30C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.16:*:*:*:*:*:*:*", "matchCriteriaId": "069F5C7C-F549-4B92-A1EA-6310CCF64334", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.17:*:*:*:*:*:*:*", "matchCriteriaId": "46EF46A3-7197-4C00-8298-9B938B6EE97B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.18:*:*:*:*:*:*:*", "matchCriteriaId": "B242DBD4-299A-49BC-B399-6C48E04D10DA", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:e107:e107:0.7.19:*:*:*:*:*:*:*", "matchCriteriaId": "756D821D-63CA-4DCC-8335-679290C197BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.20:*:*:*:*:*:*:*", "matchCriteriaId": "FFAB4C3E-EE6F-4603-A829-25138966CADF", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.21:*:*:*:*:*:*:*", "matchCriteriaId": "56459690-0C9E-4049-A20A-E17152913065", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.545:*:*:*:*:*:*:*", "matchCriteriaId": "8DDD8B3B-8580-4624-8D77-E3FD97DFF4A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.547:beta:*:*:*:*:*:*", "matchCriteriaId": "EF6E08F0-004C-4A00-861D-72A9082C3F41", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.548:beta:*:*:*:*:*:*", "matchCriteriaId": "CBF301C0-0DEF-4922-85BF-66BF6192A745", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.549:beta:*:*:*:*:*:*", "matchCriteriaId": "4805886F-099B-4808-A2FF-0A0B77CD566D", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.551:beta:*:*:*:*:*:*", "matchCriteriaId": "984B6A2B-F9D5-48AB-8B57-DD62B200C441", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.552:beta:*:*:*:*:*:*", "matchCriteriaId": "45D6F945-96D1-42A1-AE66-3D7988DE9A15", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.553:beta:*:*:*:*:*:*", "matchCriteriaId": "3065526A-4DDE-4F7F-97C5-2E0F3D0D106B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.554:*:*:*:*:*:*:*", "matchCriteriaId": "6454D949-83A2-4F69-92E1-BBCD84F21BC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.554:beta:*:*:*:*:*:*", "matchCriteriaId": "27ABDE74-B886-47A6-909B-7EA428260FAD", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.555:beta:*:*:*:*:*:*", "matchCriteriaId": "DC65CB58-4F17-4F8D-9682-9D6C1B33F39D", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.600:*:*:*:*:*:*:*", "matchCriteriaId": "7E80F85C-61AD-49C0-9EBF-B79F728F6A97", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:e107:e107:0.601:*:*:*:*:*:*:*", "matchCriteriaId": "3FE097FC-A525-4599-9FDA-1A011EECE767", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.602:*:*:*:*:*:*:*", "matchCriteriaId": "9FF51B0D-E020-491D-92A9-D2A01A7417AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.603:*:*:*:*:*:*:*", "matchCriteriaId": "F8692341-8DF2-4943-853A-4AAF1F313914", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.604:*:*:*:*:*:*:*", "matchCriteriaId": "75197306-53DB-4C94-959B-C46D3FB1F42B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.605:*:*:*:*:*:*:*", "matchCriteriaId": "D0C5C91C-C1C5-457D-9E09-24C7CACCC280", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.606:*:*:*:*:*:*:*", "matchCriteriaId": "6EB88C92-4F62-471A-8C10-C13C890E764F", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.607:*:*:*:*:*:*:*", "matchCriteriaId": "5585DC36-C65F-4FCA-B26F-E4A7901863E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.608:*:*:*:*:*:*:*", "matchCriteriaId": "2C7DD56C-66F7-421C-B211-07C7856112C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.609:*:*:*:*:*:*:*", "matchCriteriaId": "8E14B108-228D-454F-AF16-9D9086E4C10B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.610:*:*:*:*:*:*:*", "matchCriteriaId": "04C91C45-9A96-4E69-8A0A-D619AB45BC08", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.611:*:*:*:*:*:*:*", "matchCriteriaId": "5F7C68F4-9ECD-41A9-B4AE-48F028841428", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.612:*:*:*:*:*:*:*", "matchCriteriaId": "28B75E28-08DE-4CA2-A60B-FB2F61AEC5BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.613:*:*:*:*:*:*:*", "matchCriteriaId": "B9AA824A-CEE6-460B-A668-92FC3A822305", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.614:*:*:*:*:*:*:*", "matchCriteriaId": "6A51FBB3-42CE-40E1-A15D-ADDFBF8E203D", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.615:*:*:*:*:*:*:*", "matchCriteriaId": 
"BEAC1FD5-ECD1-480C-827E-F1AE8484C4EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.615a:*:*:*:*:*:*:*", "matchCriteriaId": "D17F613A-6BE1-4B45-8E40-8E44E0EEA756", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.616:*:*:*:*:*:*:*", "matchCriteriaId": "B5CB33E9-9AB8-482A-A196-768A2085A49C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.617:*:*:*:*:*:*:*", "matchCriteriaId": "12BD5CAD-0EB8-48F2-AF80-510584A83446", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6171:*:*:*:*:*:*:*", "matchCriteriaId": "AD8CD2A8-C8E8-4A5F-8355-6DF45C9DF45C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6172:*:*:*:*:*:*:*", "matchCriteriaId": "92E294FE-F0A2-45FC-BB67-D988DD89D2AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6173:*:*:*:*:*:*:*", "matchCriteriaId": "9640315B-7F04-4F5A-B213-8FAF509DFF01", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6174:*:*:*:*:*:*:*", "matchCriteriaId": "CA89549A-6CD7-4DDB-A8C8-ADF103F6CDFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6175:*:*:*:*:*:*:*", "matchCriteriaId": "DF75A192-81C1-4F58-A660-7EFE4F33E58B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in e107 0.7.22 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en e107 0.7.22 y versiones anteriores permite a atacantes remotos inyectar codigo de script web o c\u00f3digo HTML de su elecci\u00f3n a trav\u00e9s de vectores sin especificar." 
} ], "id": "CVE-2011-0457", "lastModified": "2024-11-21T01:24:01.670", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2011-03-15T17:55:03.780", "references": [ { "source": "vultures@jpcert.or.jp", "tags": [ "Patch" ], "url": "http://e107.org/comment.php?comment.news.872" }, { "source": "vultures@jpcert.or.jp", "url": "http://e107.org/svn_changelog.php?version=0.7.23" }, { "source": "vultures@jpcert.or.jp", "url": "http://jvn.jp/en/jp/JVN01635457/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://e107.org/comment.php?comment.news.872" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://e107.org/svn_changelog.php?version=0.7.23" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvn.jp/en/jp/JVN01635457/index.html" } ], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-02-23 23:02
Modified
2024-11-21 00:07
Severity: MEDIUM (CVSS v2 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:P/A:N)
Summary
Cross-site scripting (XSS) vulnerability in Chatbox Plugin 1.0 in e107 0.7.2 allows remote attackers to inject arbitrary HTML or web script via a Chatbox, as demonstrated using a SCRIPT element.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
e107 | chatbox_plugin | 1.0 | |
e107 | e107 | 0.7.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:chatbox_plugin:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "27FDDC0B-E65A-45E8-92F0-353B6380A237", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "32695A82-B042-46B7-9CB4-20F3446E0C9E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Chatbox Plugin 1.0 in e107 0.7.2 allows remote attackers to inject arbitrary HTML or web script via a Chatbox, as demonstrated using a SCRIPT element." } ], "id": "CVE-2006-0857", "lastModified": "2024-11-21T00:07:29.830", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-02-23T23:02:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/425388/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/16719" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24815" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/425388/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/16719" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24815" } ], "sourceIdentifier": 
"cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-05-16 10:02
Modified
2024-11-21 00:11
Severity: MEDIUM (CVSS v2 base score 5.1, vector AV:N/AC:H/Au:N/C:P/I:P/A:P)
Summary
SQL injection vulnerability in class2.php in e107 0.7.2 and earlier allows remote attackers to execute arbitrary SQL commands via a cookie as defined in $pref['cookie_name'].
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
e107 | e107 | 0.6_10 | |
e107 | e107 | 0.6_11 | |
e107 | e107 | 0.6_12 | |
e107 | e107 | 0.6_13 | |
e107 | e107 | 0.6_14 | |
e107 | e107 | 0.6_15 | |
e107 | e107 | 0.6_15a | |
e107 | e107 | 0.7 | |
e107 | e107 | 0.7.1 | |
e107 | e107 | 0.7.2 | |
e107 | e107 | 0.545 | |
e107 | e107 | 0.554 | |
e107 | e107 | 0.555_beta | |
e107 | e107 | 0.603 | |
e107 | e107 | 0.616 | |
e107 | e107 | 0.617 | |
e107 | e107 | 0.6171 | |
e107 | e107 | 0.6175 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:0.6_10:*:*:*:*:*:*:*", "matchCriteriaId": "18C34EB0-7685-4346-81A2-371C1F19F6AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_11:*:*:*:*:*:*:*", "matchCriteriaId": "AB26A2A4-B0DE-4130-AA5F-76D5394A0614", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_12:*:*:*:*:*:*:*", "matchCriteriaId": "90909932-AD39-4648-8621-5866F0C4AB12", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_13:*:*:*:*:*:*:*", "matchCriteriaId": "37F208E9-3C39-4D00-B1E0-5CD0B315E740", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_14:*:*:*:*:*:*:*", "matchCriteriaId": "27C7402F-54C9-4FDA-B181-85941DDC7010", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_15:*:*:*:*:*:*:*", "matchCriteriaId": "061B1AF2-2BA7-49CB-9F8B-91BF5D5B0BF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_15a:*:*:*:*:*:*:*", "matchCriteriaId": "4F77F5E4-8636-41F5-9A80-055CC0FC0346", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "70AB914E-D616-45D2-A451-1C247B8B6E4C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "CA03C1AC-97EA-47ED-9558-A7CA48420AB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "32695A82-B042-46B7-9CB4-20F3446E0C9E", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.545:*:*:*:*:*:*:*", "matchCriteriaId": "8DDD8B3B-8580-4624-8D77-E3FD97DFF4A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.554:*:*:*:*:*:*:*", "matchCriteriaId": "6454D949-83A2-4F69-92E1-BBCD84F21BC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.555_beta:*:*:*:*:*:*:*", "matchCriteriaId": "CC274184-AD8E-4BC2-BC6A-4E64F354BFFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.603:*:*:*:*:*:*:*", "matchCriteriaId": "F8692341-8DF2-4943-853A-4AAF1F313914", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:e107:e107:0.616:*:*:*:*:*:*:*", "matchCriteriaId": "B5CB33E9-9AB8-482A-A196-768A2085A49C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.617:*:*:*:*:*:*:*", "matchCriteriaId": "12BD5CAD-0EB8-48F2-AF80-510584A83446", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6171:*:*:*:*:*:*:*", "matchCriteriaId": "AD8CD2A8-C8E8-4A5F-8355-6DF45C9DF45C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6175:*:*:*:*:*:*:*", "matchCriteriaId": "DF75A192-81C1-4F58-A660-7EFE4F33E58B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in class2.php in e107 0.7.2 and earlier allows remote attackers to execute arbitrary SQL commands via a cookie as defined in $pref[\u0027cookie_name\u0027]." } ], "evaluatorSolution": "Update to version 0.7.4.\r\nhttp://e107.org/edownload.php", "id": "CVE-2006-2416", "lastModified": "2024-11-21T00:11:16.237", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-05-16T10:02:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/20089" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/905" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.osvdb.org/25521" }, { "source": "cve@mitre.org", "url": 
"http://www.securityfocus.com/archive/1/433938/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/17966" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/1802" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26434" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/20089" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/905" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.osvdb.org/25521" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/433938/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/17966" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/1802" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26434" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-11-29 13:07
Modified
2024-11-21 01:08
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.16 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) submitnews.php, (2) usersettings.php; and (3) newpost.php, (4) banlist.php, (5) banner.php, (6) cpage.php, (7) download.php, (8) users_extended.php, (9) frontpage.php, (10) links.php, and (11) mailout.php in e107_admin/. NOTE: this may overlap CVE-2004-2040 and CVE-2006-4794, but there are insufficient details to be certain.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
e107 | e107 | * (all versions up to and including 0.7.16) | |
e107 | e107 | 0.6_10 | |
e107 | e107 | 0.6_11 | |
e107 | e107 | 0.6_12 | |
e107 | e107 | 0.6_13 | |
e107 | e107 | 0.6_14 | |
e107 | e107 | 0.6_15 | |
e107 | e107 | 0.6_15a | |
e107 | e107 | 0.7 | |
e107 | e107 | 0.7.1 | |
e107 | e107 | 0.7.2 | |
e107 | e107 | 0.7.3 | |
e107 | e107 | 0.7.4 | |
e107 | e107 | 0.7.5 | |
e107 | e107 | 0.7.6 | |
e107 | e107 | 0.7.7 | |
e107 | e107 | 0.7.8 | |
e107 | e107 | 0.7.9 | |
e107 | e107 | 0.7.10 | |
e107 | e107 | 0.7.11 | |
e107 | e107 | 0.7.12 | |
e107 | e107 | 0.7.13 | |
e107 | e107 | 0.7.14 | |
e107 | e107 | 0.7.15 | |
e107 | e107 | 0.545 | |
e107 | e107 | 0.547_beta | |
e107 | e107 | 0.548_beta | |
e107 | e107 | 0.549_beta | |
e107 | e107 | 0.551_beta | |
e107 | e107 | 0.552_beta | |
e107 | e107 | 0.553_beta | |
e107 | e107 | 0.554 | |
e107 | e107 | 0.554_beta | |
e107 | e107 | 0.555_beta | |
e107 | e107 | 0.600 | |
e107 | e107 | 0.601 | |
e107 | e107 | 0.602 | |
e107 | e107 | 0.603 | |
e107 | e107 | 0.604 | |
e107 | e107 | 0.605 | |
e107 | e107 | 0.606 | |
e107 | e107 | 0.607 | |
e107 | e107 | 0.608 | |
e107 | e107 | 0.609 | |
e107 | e107 | 0.610 | |
e107 | e107 | 0.611 | |
e107 | e107 | 0.612 | |
e107 | e107 | 0.613 | |
e107 | e107 | 0.614 | |
e107 | e107 | 0.615 | |
e107 | e107 | 0.615a | |
e107 | e107 | 0.616 | |
e107 | e107 | 0.617 | |
e107 | e107 | 0.6171 | |
e107 | e107 | 0.6172 | |
e107 | e107 | 0.6173 | |
e107 | e107 | 0.6174 | |
e107 | e107 | 0.6175 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:*:*:*:*:*:*:*:*", "matchCriteriaId": "358194A8-3BAB-4CA7-9546-C5A598FA911C", "versionEndIncluding": "0.7.16", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_10:*:*:*:*:*:*:*", "matchCriteriaId": "18C34EB0-7685-4346-81A2-371C1F19F6AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_11:*:*:*:*:*:*:*", "matchCriteriaId": "AB26A2A4-B0DE-4130-AA5F-76D5394A0614", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_12:*:*:*:*:*:*:*", "matchCriteriaId": "90909932-AD39-4648-8621-5866F0C4AB12", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_13:*:*:*:*:*:*:*", "matchCriteriaId": "37F208E9-3C39-4D00-B1E0-5CD0B315E740", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_14:*:*:*:*:*:*:*", "matchCriteriaId": "27C7402F-54C9-4FDA-B181-85941DDC7010", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_15:*:*:*:*:*:*:*", "matchCriteriaId": "061B1AF2-2BA7-49CB-9F8B-91BF5D5B0BF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_15a:*:*:*:*:*:*:*", "matchCriteriaId": "4F77F5E4-8636-41F5-9A80-055CC0FC0346", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "70AB914E-D616-45D2-A451-1C247B8B6E4C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "CA03C1AC-97EA-47ED-9558-A7CA48420AB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "32695A82-B042-46B7-9CB4-20F3446E0C9E", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "6716A040-0CBE-4402-AB2A-1621B1240B0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "81627355-AB45-4D47-8DD2-4087E6971EF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "D2DAAA4F-B893-4914-8538-E68DDA211225", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B649DDC6-EEE6-47E1-A69A-831E5C2DD58C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "2FEEC90E-8640-4786-B014-CAD83EC4F2E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "E29B9B12-4C94-4A8D-B407-2D288502EFE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.9:*:*:*:*:*:*:*", "matchCriteriaId": "C5CAADA1-1FBB-4983-A942-FC4490CE8D8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.10:*:*:*:*:*:*:*", "matchCriteriaId": "B4D7C699-0E92-4D9C-9D8F-87C39A28ACCD", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.11:*:*:*:*:*:*:*", "matchCriteriaId": "5C62F8AD-EA30-441E-B97F-EF8DE640DC1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.12:*:*:*:*:*:*:*", "matchCriteriaId": "F96C30A8-7E56-4806-B8D7-851D75B08738", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.13:*:*:*:*:*:*:*", "matchCriteriaId": "F1C22711-AEC4-438F-9B37-64D36B0BDFC9", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.14:*:*:*:*:*:*:*", "matchCriteriaId": "5E2AA435-E5FC-4555-B582-5C6FFC99327B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.15:*:*:*:*:*:*:*", "matchCriteriaId": "7A81364B-FB65-4591-ACA3-9D5991F0C30C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.545:*:*:*:*:*:*:*", "matchCriteriaId": "8DDD8B3B-8580-4624-8D77-E3FD97DFF4A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.547_beta:*:*:*:*:*:*:*", "matchCriteriaId": "437C4251-886C-4E94-B7F6-AE34A0142A76", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.548_beta:*:*:*:*:*:*:*", "matchCriteriaId": "761D4EE9-0D54-4370-BCBC-3C23481C127B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.549_beta:*:*:*:*:*:*:*", "matchCriteriaId": "E11E3F9E-708E-44CB-8FD2-E4961028B732", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:e107:e107:0.551_beta:*:*:*:*:*:*:*", "matchCriteriaId": "8F38EB42-437C-4381-B36A-FD3DB78E724E", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.552_beta:*:*:*:*:*:*:*", "matchCriteriaId": "ECC957BA-D96C-41B7-9BD4-2ECD37C9C924", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.553_beta:*:*:*:*:*:*:*", "matchCriteriaId": "1E9E9AC1-5ECD-448F-B72A-1CE8228C2C22", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.554:*:*:*:*:*:*:*", "matchCriteriaId": "6454D949-83A2-4F69-92E1-BBCD84F21BC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.554_beta:*:*:*:*:*:*:*", "matchCriteriaId": "0FC4B3A4-2563-4C06-A484-5C02CD8F7408", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.555_beta:*:*:*:*:*:*:*", "matchCriteriaId": "CC274184-AD8E-4BC2-BC6A-4E64F354BFFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.600:*:*:*:*:*:*:*", "matchCriteriaId": "7E80F85C-61AD-49C0-9EBF-B79F728F6A97", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.601:*:*:*:*:*:*:*", "matchCriteriaId": "3FE097FC-A525-4599-9FDA-1A011EECE767", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.602:*:*:*:*:*:*:*", "matchCriteriaId": "9FF51B0D-E020-491D-92A9-D2A01A7417AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.603:*:*:*:*:*:*:*", "matchCriteriaId": "F8692341-8DF2-4943-853A-4AAF1F313914", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.604:*:*:*:*:*:*:*", "matchCriteriaId": "75197306-53DB-4C94-959B-C46D3FB1F42B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.605:*:*:*:*:*:*:*", "matchCriteriaId": "D0C5C91C-C1C5-457D-9E09-24C7CACCC280", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.606:*:*:*:*:*:*:*", "matchCriteriaId": "6EB88C92-4F62-471A-8C10-C13C890E764F", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.607:*:*:*:*:*:*:*", "matchCriteriaId": "5585DC36-C65F-4FCA-B26F-E4A7901863E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.608:*:*:*:*:*:*:*", 
"matchCriteriaId": "2C7DD56C-66F7-421C-B211-07C7856112C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.609:*:*:*:*:*:*:*", "matchCriteriaId": "8E14B108-228D-454F-AF16-9D9086E4C10B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.610:*:*:*:*:*:*:*", "matchCriteriaId": "04C91C45-9A96-4E69-8A0A-D619AB45BC08", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.611:*:*:*:*:*:*:*", "matchCriteriaId": "5F7C68F4-9ECD-41A9-B4AE-48F028841428", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.612:*:*:*:*:*:*:*", "matchCriteriaId": "28B75E28-08DE-4CA2-A60B-FB2F61AEC5BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.613:*:*:*:*:*:*:*", "matchCriteriaId": "B9AA824A-CEE6-460B-A668-92FC3A822305", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.614:*:*:*:*:*:*:*", "matchCriteriaId": "6A51FBB3-42CE-40E1-A15D-ADDFBF8E203D", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.615:*:*:*:*:*:*:*", "matchCriteriaId": "BEAC1FD5-ECD1-480C-827E-F1AE8484C4EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.615a:*:*:*:*:*:*:*", "matchCriteriaId": "D17F613A-6BE1-4B45-8E40-8E44E0EEA756", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.616:*:*:*:*:*:*:*", "matchCriteriaId": "B5CB33E9-9AB8-482A-A196-768A2085A49C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.617:*:*:*:*:*:*:*", "matchCriteriaId": "12BD5CAD-0EB8-48F2-AF80-510584A83446", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6171:*:*:*:*:*:*:*", "matchCriteriaId": "AD8CD2A8-C8E8-4A5F-8355-6DF45C9DF45C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6172:*:*:*:*:*:*:*", "matchCriteriaId": "92E294FE-F0A2-45FC-BB67-D988DD89D2AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6173:*:*:*:*:*:*:*", "matchCriteriaId": "9640315B-7F04-4F5A-B213-8FAF509DFF01", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6174:*:*:*:*:*:*:*", "matchCriteriaId": "CA89549A-6CD7-4DDB-A8C8-ADF103F6CDFB", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6175:*:*:*:*:*:*:*", "matchCriteriaId": "DF75A192-81C1-4F58-A660-7EFE4F33E58B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.16 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) submitnews.php, (2) usersettings.php; and (3) newpost.php, (4) banlist.php, (5) banner.php, (6) cpage.php, (7) download.php, (8) users_extended.php, (9) frontpage.php, (10) links.php, and (11) mailout.php in e107_admin/. NOTE: this may overlap CVE-2004-2040 and CVE-2006-4794, but there are insufficient details to be certain." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de comandos en sitios cruzados(XSS) en e107 v0.7.16 y anteriores permite a atacantes remotos permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de vectores no especificados en (1) submitnews.php, (2) usersettings.php; y (3) newpost.php, (4) banlist.php, (5) banner.php, (6) cpage.php, (7) download.php, (8) users_extended.php, (9) frontpage.php, (10) links.php, y(11) mailout.php en e107_admin/. NOTA: esta vulnerabilidad puede solaparse con CVE-2004-2040 y CVE-2006-4794, pero no hay suficientes detalles para tener certeza." 
} ], "id": "CVE-2009-4083", "lastModified": "2024-11-21T01:08:53.570", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2009-11-29T13:07:34.717", "references": [ { "source": "cve@mitre.org", "url": "http://blog.bkis.com/e107-multiple-vulnerabilities/" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/508007/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/37087" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54372" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://blog.bkis.com/e107-multiple-vulnerabilities/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/508007/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/37087" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54372" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-03-06 18:30
Modified
2024-11-21 00:56
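Severity: HIGH (CVSS v2.0 base score 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P, from the NVD metrics in the record below)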
Summary
SQL injection vulnerability in macgurublog_menu/macgurublog.php in the MacGuru BLOG Engine plugin 2.2 for e107 allows remote attackers to execute arbitrary SQL commands via the uid parameter, a different vector than CVE-2008-2455. NOTE: it was later reported that 2.1.4 is also affected. (The CPE configuration in this record lists only plugin version 2.2, so CPE-based matching will not flag 2.1.4.)
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
e107coders | macguru_blog_engine_plugin | 2.2 | |
e107 | e107 | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107coders:macguru_blog_engine_plugin:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "9BA401E0-464B-4424-A18C-0F597D477C26", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:*:*:*:*:*:*:*:*", "matchCriteriaId": "2ED52F96-48B9-4111-AAEB-4E9190114802", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in macgurublog_menu/macgurublog.php in the MacGuru BLOG Engine plugin 2.2 for e107 allows remote attackers to execute arbitrary SQL commands via the uid parameter, a different vector than CVE-2008-2455. NOTE: it was later reported that 2.1.4 is also affected." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en macgurublog_menu/macgurublog.php en la extensi\u00f3n (plugin) MacGuru BLOG Engine v2.2 para e107 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro \"uid\", un vector diferente a CVE-2008-2455." 
} ], "id": "CVE-2008-6438", "lastModified": "2024-11-21T00:56:32.150", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-03-06T18:30:00.657", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/51408" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/30212" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/492506/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/29344" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/2468" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42715" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/5666" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/6346" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/6856" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/51408" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/30212" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/492506/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/29344" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.vupen.com/english/advisories/2008/2468" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42715" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/5666" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/6346" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/6856" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-07-10 18:15
Modified
2024-11-21 03:43
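Severity: MEDIUM (CVSS v3.0 base score 6.1, vector CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N; CVSS v2.0 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:P/A:N; from the NVD metrics in the record below)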
Summary
In e107 v2.1.7, output without filtering results in XSS.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/e107inc/e107/issues/3170 | Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/e107inc/e107/issues/3170 | Issue Tracking, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:2.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "DBCF2D98-CD7A-4675-8A7F-D60C17B82CFB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In e107 v2.1.7, output without filtering results in XSS." }, { "lang": "es", "value": "En e107 versi\u00f3n v2.1.7, una salida sin filtrar resulta en un problema de tipo XSS." } ], "id": "CVE-2018-11734", "lastModified": "2024-11-21T03:43:55.610", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-07-10T18:15:10.723", "references": [ { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://github.com/e107inc/e107/issues/3170" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://github.com/e107inc/e107/issues/3170" } ], "sourceIdentifier": "cve@mitre.org", 
"vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-10-29 14:22
Modified
2024-11-21 00:52
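Severity: HIGH (CVSS v2.0 base score 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P, from the NVD metrics in the record below)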
Summary
SQL injection vulnerability in easyshop.php in the EasyShop plugin for e107 allows remote attackers to execute arbitrary SQL commands via the category_id parameter.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
e107 | e107 | * | |
e107 | easyshop_plugin | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:*:*:*:*:*:*:*:*", "matchCriteriaId": "2ED52F96-48B9-4111-AAEB-4E9190114802", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:easyshop_plugin:*:*:*:*:*:*:*:*", "matchCriteriaId": "13355C0F-F242-4376-A194-3B2217CC0B84", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in easyshop.php in the EasyShop plugin for e107 allows remote attackers to execute arbitrary SQL commands via the category_id parameter." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n de SQL en easyshop.php del plugin EasyShop para e107 permite a un atacante remoto ejecutar comandos SQL de su elecci\u00f3n por medio del par\u00e1metro category_id." } ], "id": "CVE-2008-4786", "lastModified": "2024-11-21T00:52:33.637", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-10-29T14:22:38.540", "references": [ { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/4531" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/31948" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46147" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/6852" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/4531" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/31948" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46147" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/6852" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-05-25 10:02
Modified
2024-11-21 00:11
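Severity: MEDIUM (CVSS v2.0 base score 6.4, vector AV:N/AC:L/Au:N/C:P/I:P/A:N, from the NVD metrics in the record below)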
Summary
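SQL injection vulnerability in e107 before 0.7.5 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. (The CPE configuration in this record marks 0.7.5 itself as vulnerable, which does not agree with "before 0.7.5"; check the references tagged Patch before relying on either for version matching.)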
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:0.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "D2DAAA4F-B893-4914-8538-E68DDA211225", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in e107 before 0.7.5 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors." } ], "id": "CVE-2006-2590", "lastModified": "2024-11-21T00:11:39.510", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-05-25T10:02:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://e107.org/comment.php?comment.news.788" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/20262" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/25739" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/1963" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://e107.org/comment.php?comment.news.788" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/20262" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/25739" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/1963" } ], 
"sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-09-06 22:03
Modified
2024-11-21 00:00
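Severity: MEDIUM (CVSS v2.0 base score 5.0, vector AV:N/AC:L/Au:N/C:N/I:P/A:N, from the NVD metrics in the record below)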
Summary
forum_post.php in e107 0.6 allows remote attackers to post to non-existent forums by modifying the forum number.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:0.603:*:*:*:*:*:*:*", "matchCriteriaId": "F8692341-8DF2-4943-853A-4AAF1F313914", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.616:*:*:*:*:*:*:*", "matchCriteriaId": "B5CB33E9-9AB8-482A-A196-768A2085A49C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.617:*:*:*:*:*:*:*", "matchCriteriaId": "12BD5CAD-0EB8-48F2-AF80-510584A83446", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "forum_post.php in e107 0.6 allows remote attackers to post to non-existent forums by modifying the forum number." } ], "id": "CVE-2005-2805", "lastModified": "2024-11-21T00:00:28.420", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-09-06T22:03:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=112544896117131\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/14699" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22059" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=112544896117131\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/14699" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/22059" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-06-27 00:30
Modified
2024-11-21 00:33
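Severity: MEDIUM (CVSS v2.0 base score 6.8, vector AV:N/AC:M/Au:N/C:P/I:P/A:P, from the NVD metrics in the record below)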
Summary
Unrestricted file upload vulnerability in signup.php in e107 0.7.8 and earlier, when photograph upload is enabled, allows remote attackers to upload and execute arbitrary PHP code via a filename with a double extension such as .php.jpg.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "70AB914E-D616-45D2-A451-1C247B8B6E4C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "CA03C1AC-97EA-47ED-9558-A7CA48420AB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "32695A82-B042-46B7-9CB4-20F3446E0C9E", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "6716A040-0CBE-4402-AB2A-1621B1240B0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "81627355-AB45-4D47-8DD2-4087E6971EF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "D2DAAA4F-B893-4914-8538-E68DDA211225", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B649DDC6-EEE6-47E1-A69A-831E5C2DD58C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "2FEEC90E-8640-4786-B014-CAD83EC4F2E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "E29B9B12-4C94-4A8D-B407-2D288502EFE2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unrestricted file upload vulnerability in signup.php in e107 0.7.8 and earlier, when photograph upload is enabled, allows remote attackers to upload and execute arbitrary PHP code via a filename with a double extension such as .php.jpg." }, { "lang": "es", "value": "Vulnerabilidad de subida de fichero no restringida en signup.php de e107 0.7.8 y anteriores, cuando la subida de fotograf\u00edas est\u00e1 habilitada, permite a atacantes remotos subir y ejecutar c\u00f3digo PHP de su elecci\u00f3n mediante un nombre de fichero con una extensi\u00f3n doble como .php.jpg." 
} ], "id": "CVE-2007-3429", "lastModified": "2024-11-21T00:33:13.340", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-06-27T00:30:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/45426" }, { "source": "cve@mitre.org", "url": "http://www.g00ns-forum.net/showthread.php?t=9388" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/24609" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35022" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/4099" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/45426" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.g00ns-forum.net/showthread.php?t=9388" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/24609" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35022" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/4099" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-05-24 18:29
Modified
2024-11-21 02:44
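Severity: HIGH (CVSS v3.0 base score 8.8, vector CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H); MEDIUM under CVSS v2.0 (base score 6.5, vector AV:N/AC:L/Au:S/C:P/I:P/A:P); from the NVD metrics in the record below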
Summary
e107 2.1.2 allows PHP Object Injection with resultant SQL injection, because usersettings.php uses unserialize without an HMAC.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://blog.ripstech.com/2016/e107-sql-injection-through-object-injection/ | Exploit, Third Party Advisory | |
cve@mitre.org | https://demo.ripstech.com/projects/e107_2.1.2 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://blog.ripstech.com/2016/e107-sql-injection-through-object-injection/ | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://demo.ripstech.com/projects/e107_2.1.2 | Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "9738DBAB-15C6-45A1-AD5E-E37C60E4D73F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "e107 2.1.2 allows PHP Object Injection with resultant SQL injection, because usersettings.php uses unserialize without an HMAC." }, { "lang": "es", "value": "e107 versi\u00f3n 2.1.2, permite la inyecci\u00f3n de objetos PHP teniendo como resultado la inyecci\u00f3n SQL, porque el archivo usersettings.php usa deserializaci\u00f3n sin un HMAC." } ], "id": "CVE-2016-10753", "lastModified": "2024-11-21T02:44:40.030", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-05-24T18:29:00.363", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://blog.ripstech.com/2016/e107-sql-injection-through-object-injection/" }, { 
"source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://demo.ripstech.com/projects/e107_2.1.2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://blog.ripstech.com/2016/e107-sql-injection-through-object-injection/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://demo.ripstech.com/projects/e107_2.1.2" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-502" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-01-04 19:55
Modified
2024-11-21 01:33
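Severity: MEDIUM (CVSS v2.0 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:P/A:N, from the NVD metrics in the record below)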
Summary
Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.26, and other versions before 1.0.0, allow remote attackers to inject arbitrary web script or HTML via the URL to (1) e107_images/thumb.php or (2) rate.php, (3) resend_name parameter to e107_admin/users.php, and (4) link BBCode in user signatures. (The CPE configuration in this record lists only 0.7.26, so CPE-based matching will not flag the other pre-1.0.0 versions the summary names.)
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:0.7.26:*:*:*:*:*:*:*", "matchCriteriaId": "4C218B8E-ED52-4F5B-A3FC-CEB3FF8D11DD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.26, and other versions before 1.0.0, allow remote attackers to inject arbitrary web script or HTML via the URL to (1) e107_images/thumb.php or (2) rate.php, (3) resend_name parameter to e107_admin/users.php, and (4) link BBCode in user signatures." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en e107 v0.7.26 y otras versiones anteriores a v1.0.0, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de la URL en (1) e107_images/thumb.php o (2) rate.php, (3) el par\u00e1metro resend_name en e107_admin/users.php, y (4) link BBCode en user signatures." 
} ], "id": "CVE-2011-4920", "lastModified": "2024-11-21T01:33:18.133", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-01-04T19:55:02.147", "references": [ { "source": "secalert@redhat.com", "url": "http://osvdb.org/78047" }, { "source": "secalert@redhat.com", "url": "http://osvdb.org/78048" }, { "source": "secalert@redhat.com", "url": "http://osvdb.org/78049" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/46706" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/01/04/3" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/51253" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72010" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72104" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/78047" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/78048" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/78049" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/46706" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/01/04/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.securityfocus.com/bid/51253" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72010" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72104" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-11-07 23:07
Modified
2024-11-21 00:20
Severity ?
Summary
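Directory traversal vulnerability in class2.php in e107 0.7.5 and earlier allows remote attackers to read and execute PHP code in arbitrary files via ".." sequences in the e107language_e107cookie cookie to gsitemap.php. Note: the CPE configuration in the record below lists only version 0.7.5, so CPE-based matching will not flag the earlier releases that this description covers.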
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:0.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "D2DAAA4F-B893-4914-8538-E68DDA211225", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in class2.php in e107 0.7.5 and earlier allows remote attackers to read and execute PHP code in arbitrary files via \"..\" sequences in the e107language_e107cookie cookie to gsitemap.php." }, { "lang": "es", "value": "Vulnerabilidad de salto de directorio en class2.php en e107 0.7.5 y anteriores permite a atacantes remotos leer y ejecutar c\u00f3digo PHP en ficheros de su elecci\u00f3n mediante secuencias \"..\" en la cookie e107language_e107cookie a gsitemap.php." } ], "id": "CVE-2006-5786", "lastModified": "2024-11-21T00:20:32.730", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-11-07T23:07:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/20913" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30030" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/2711" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/20913" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/30030" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/2711" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-06-27 21:05
Modified
2024-11-21 00:13
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the (1) ep parameter to search.php and the (2) subject parameter in comment.php (aka the Subject field when posting a comment).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
e107 | e107 | * | |
e107 | e107 | 0.6_10 | |
e107 | e107 | 0.6_11 | |
e107 | e107 | 0.6_12 | |
e107 | e107 | 0.6_13 | |
e107 | e107 | 0.6_14 | |
e107 | e107 | 0.6_15 | |
e107 | e107 | 0.6_15a | |
e107 | e107 | 0.7 | |
e107 | e107 | 0.7.1 | |
e107 | e107 | 0.7.2 | |
e107 | e107 | 0.7.3 | |
e107 | e107 | 0.7.4 | |
e107 | e107 | 0.545 | |
e107 | e107 | 0.547_beta | |
e107 | e107 | 0.548_beta | |
e107 | e107 | 0.549_beta | |
e107 | e107 | 0.551_beta | |
e107 | e107 | 0.552_beta | |
e107 | e107 | 0.553_beta | |
e107 | e107 | 0.554 | |
e107 | e107 | 0.554_beta | |
e107 | e107 | 0.555_beta | |
e107 | e107 | 0.600 | |
e107 | e107 | 0.601 | |
e107 | e107 | 0.602 | |
e107 | e107 | 0.603 | |
e107 | e107 | 0.604 | |
e107 | e107 | 0.605 | |
e107 | e107 | 0.606 | |
e107 | e107 | 0.607 | |
e107 | e107 | 0.608 | |
e107 | e107 | 0.609 | |
e107 | e107 | 0.610 | |
e107 | e107 | 0.611 | |
e107 | e107 | 0.612 | |
e107 | e107 | 0.613 | |
e107 | e107 | 0.614 | |
e107 | e107 | 0.615 | |
e107 | e107 | 0.615a | |
e107 | e107 | 0.616 | |
e107 | e107 | 0.617 | |
e107 | e107 | 0.6171 | |
e107 | e107 | 0.6172 | |
e107 | e107 | 0.6173 | |
e107 | e107 | 0.6174 | |
e107 | e107 | 0.6175 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:*:*:*:*:*:*:*:*", "matchCriteriaId": "453D7323-69AA-4283-8C6A-70A03624139A", "versionEndIncluding": "0.7.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_10:*:*:*:*:*:*:*", "matchCriteriaId": "18C34EB0-7685-4346-81A2-371C1F19F6AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_11:*:*:*:*:*:*:*", "matchCriteriaId": "AB26A2A4-B0DE-4130-AA5F-76D5394A0614", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_12:*:*:*:*:*:*:*", "matchCriteriaId": "90909932-AD39-4648-8621-5866F0C4AB12", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_13:*:*:*:*:*:*:*", "matchCriteriaId": "37F208E9-3C39-4D00-B1E0-5CD0B315E740", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_14:*:*:*:*:*:*:*", "matchCriteriaId": "27C7402F-54C9-4FDA-B181-85941DDC7010", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_15:*:*:*:*:*:*:*", "matchCriteriaId": "061B1AF2-2BA7-49CB-9F8B-91BF5D5B0BF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_15a:*:*:*:*:*:*:*", "matchCriteriaId": "4F77F5E4-8636-41F5-9A80-055CC0FC0346", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "70AB914E-D616-45D2-A451-1C247B8B6E4C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "CA03C1AC-97EA-47ED-9558-A7CA48420AB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "32695A82-B042-46B7-9CB4-20F3446E0C9E", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "6716A040-0CBE-4402-AB2A-1621B1240B0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "81627355-AB45-4D47-8DD2-4087E6971EF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.545:*:*:*:*:*:*:*", "matchCriteriaId": "8DDD8B3B-8580-4624-8D77-E3FD97DFF4A6", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.547_beta:*:*:*:*:*:*:*", "matchCriteriaId": "437C4251-886C-4E94-B7F6-AE34A0142A76", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.548_beta:*:*:*:*:*:*:*", "matchCriteriaId": "761D4EE9-0D54-4370-BCBC-3C23481C127B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.549_beta:*:*:*:*:*:*:*", "matchCriteriaId": "E11E3F9E-708E-44CB-8FD2-E4961028B732", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.551_beta:*:*:*:*:*:*:*", "matchCriteriaId": "8F38EB42-437C-4381-B36A-FD3DB78E724E", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.552_beta:*:*:*:*:*:*:*", "matchCriteriaId": "ECC957BA-D96C-41B7-9BD4-2ECD37C9C924", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.553_beta:*:*:*:*:*:*:*", "matchCriteriaId": "1E9E9AC1-5ECD-448F-B72A-1CE8228C2C22", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.554:*:*:*:*:*:*:*", "matchCriteriaId": "6454D949-83A2-4F69-92E1-BBCD84F21BC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.554_beta:*:*:*:*:*:*:*", "matchCriteriaId": "0FC4B3A4-2563-4C06-A484-5C02CD8F7408", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.555_beta:*:*:*:*:*:*:*", "matchCriteriaId": "CC274184-AD8E-4BC2-BC6A-4E64F354BFFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.600:*:*:*:*:*:*:*", "matchCriteriaId": "7E80F85C-61AD-49C0-9EBF-B79F728F6A97", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.601:*:*:*:*:*:*:*", "matchCriteriaId": "3FE097FC-A525-4599-9FDA-1A011EECE767", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.602:*:*:*:*:*:*:*", "matchCriteriaId": "9FF51B0D-E020-491D-92A9-D2A01A7417AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.603:*:*:*:*:*:*:*", "matchCriteriaId": "F8692341-8DF2-4943-853A-4AAF1F313914", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.604:*:*:*:*:*:*:*", "matchCriteriaId": "75197306-53DB-4C94-959B-C46D3FB1F42B", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:e107:e107:0.605:*:*:*:*:*:*:*", "matchCriteriaId": "D0C5C91C-C1C5-457D-9E09-24C7CACCC280", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.606:*:*:*:*:*:*:*", "matchCriteriaId": "6EB88C92-4F62-471A-8C10-C13C890E764F", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.607:*:*:*:*:*:*:*", "matchCriteriaId": "5585DC36-C65F-4FCA-B26F-E4A7901863E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.608:*:*:*:*:*:*:*", "matchCriteriaId": "2C7DD56C-66F7-421C-B211-07C7856112C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.609:*:*:*:*:*:*:*", "matchCriteriaId": "8E14B108-228D-454F-AF16-9D9086E4C10B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.610:*:*:*:*:*:*:*", "matchCriteriaId": "04C91C45-9A96-4E69-8A0A-D619AB45BC08", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.611:*:*:*:*:*:*:*", "matchCriteriaId": "5F7C68F4-9ECD-41A9-B4AE-48F028841428", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.612:*:*:*:*:*:*:*", "matchCriteriaId": "28B75E28-08DE-4CA2-A60B-FB2F61AEC5BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.613:*:*:*:*:*:*:*", "matchCriteriaId": "B9AA824A-CEE6-460B-A668-92FC3A822305", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.614:*:*:*:*:*:*:*", "matchCriteriaId": "6A51FBB3-42CE-40E1-A15D-ADDFBF8E203D", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.615:*:*:*:*:*:*:*", "matchCriteriaId": "BEAC1FD5-ECD1-480C-827E-F1AE8484C4EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.615a:*:*:*:*:*:*:*", "matchCriteriaId": "D17F613A-6BE1-4B45-8E40-8E44E0EEA756", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.616:*:*:*:*:*:*:*", "matchCriteriaId": "B5CB33E9-9AB8-482A-A196-768A2085A49C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.617:*:*:*:*:*:*:*", "matchCriteriaId": "12BD5CAD-0EB8-48F2-AF80-510584A83446", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6171:*:*:*:*:*:*:*", 
"matchCriteriaId": "AD8CD2A8-C8E8-4A5F-8355-6DF45C9DF45C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6172:*:*:*:*:*:*:*", "matchCriteriaId": "92E294FE-F0A2-45FC-BB67-D988DD89D2AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6173:*:*:*:*:*:*:*", "matchCriteriaId": "9640315B-7F04-4F5A-B213-8FAF509DFF01", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6174:*:*:*:*:*:*:*", "matchCriteriaId": "CA89549A-6CD7-4DDB-A8C8-ADF103F6CDFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6175:*:*:*:*:*:*:*", "matchCriteriaId": "DF75A192-81C1-4F58-A660-7EFE4F33E58B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the (1) ep parameter to search.php and the (2) subject parameter in comment.php (aka the Subject field when posting a comment)." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en e107 v0.7.5, permiten a atacantes remotos inyectar secuencias de comandos Web o HTML de su elecci\u00f3n a trav\u00e9s de (1) el par\u00e1metro ep en search.php y (2) el par\u00e1metro subject de comment.php (tambi\u00e9n conocido como el campo Subject cuando se a\u00f1ade un comentario)." 
} ], "id": "CVE-2006-3259", "lastModified": "2024-11-21T00:13:11.700", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-06-27T21:05:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://secunia.com/advisories/20727" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1151" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/437649/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/18508" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/18560" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/2460" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27240" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27242" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://secunia.com/advisories/20727" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/1151" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/437649/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/18508" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/18560" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/2460" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27240" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27242" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-09-12 16:29
Modified
2024-11-21 03:52
Severity ?
Summary
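e107_web/js/plupload/upload.php in e107 2.1.8 allows remote attackers to execute arbitrary PHP code by uploading a .php filename with the image/jpeg content type. Note: the CVSS data in the record below rates this as requiring authentication (v2 Au:S, v3 PR:H), so the "remote attacker" here is an authenticated, high-privilege user; the references include the upstream commit tagged as the patch.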
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://gist.github.com/ommadawn46/5cb22e7c66cc32a5c7734a8064b4d3f5 | Exploit, Third Party Advisory | |
cve@mitre.org | https://github.com/e107inc/e107/commit/e5bb5297f68e56537c004cdbb48a30892e9f6f4c | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://gist.github.com/ommadawn46/5cb22e7c66cc32a5c7734a8064b4d3f5 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/e107inc/e107/commit/e5bb5297f68e56537c004cdbb48a30892e9f6f4c | Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:2.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "6C0ECC71-9F7A-4634-B3DD-A6C60C1DA78C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "e107_web/js/plupload/upload.php in e107 2.1.8 allows remote attackers to execute arbitrary PHP code by uploading a .php filename with the image/jpeg content type." }, { "lang": "es", "value": "e107_web/js/plupload/upload.php en e107 2.1.8 permite que atacantes remotos ejecuten c\u00f3digo PHP arbitrario mediante la subida de un nombre de archivo .php con el tipo de contenido image/jpeg." } ], "id": "CVE-2018-16388", "lastModified": "2024-11-21T03:52:39.380", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-09-12T16:29:02.317", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": 
"https://gist.github.com/ommadawn46/5cb22e7c66cc32a5c7734a8064b4d3f5" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/e107inc/e107/commit/e5bb5297f68e56537c004cdbb48a30892e9f6f4c" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://gist.github.com/ommadawn46/5cb22e7c66cc32a5c7734a8064b4d3f5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/e107inc/e107/commit/e5bb5297f68e56537c004cdbb48a30892e9f6f4c" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-434" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-01-15 15:59
Modified
2024-11-21 02:24
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in e107_admin/filemanager.php in e107 1.0.4 allows remote attackers to inject arbitrary web script or HTML via the e107_files/ file path in the QUERY_STRING.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "B9DDACBE-64B9-4BEE-BC7A-932420A56EF1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in e107_admin/filemanager.php in e107 1.0.4 allows remote attackers to inject arbitrary web script or HTML via the e107_files/ file path in the QUERY_STRING." }, { "lang": "es", "value": "Vulnerabilidad de XSS en e107_admin/filemanager.php en e107 1.0.4 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de la ruta de ficheros e107_files/ en QUERY_STRING." } ], "id": "CVE-2015-1041", "lastModified": "2024-11-21T02:24:31.567", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2015-01-15T15:59:29.763", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/129872/CMS-e107-1.0.4-Cross-Site-Scripting.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Mitigation", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2015/Jan/18" }, { "source": "cve@mitre.org", "tags": [ "Not Applicable" ], "url": "http://sroesemann.blogspot.de/2014/12/sroeadv-2014-05.html" }, { "source": "cve@mitre.org", "tags": [ "Not Applicable" ], "url": 
"http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2014-05.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2015/01/11/6" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/71977" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99898" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://github.com/e107inc/e107v1/issues/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/129872/CMS-e107-1.0.4-Cross-Site-Scripting.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Mitigation", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2015/Jan/18" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable" ], "url": "http://sroesemann.blogspot.de/2014/12/sroeadv-2014-05.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable" ], "url": "http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2014-05.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2015/01/11/6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/71977" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99898" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://github.com/e107inc/e107v1/issues/2" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { 
"description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-04-24 18:59
Modified
2024-11-21 03:33
Severity ?
Summary
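e107 2.1.4 is vulnerable to cross-site request forgery (CSRF) in plugin-installing, meta-changing, and settings-changing. A malicious web page can use forged requests to make e107 download and install a plug-in provided by the attacker. Note: the CVSS v3 vector in the record below marks user interaction as required (UI:R); the references include the upstream commit tagged as the patch.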
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://seclists.org/fulldisclosure/2017/Apr/40 | Patch, Third Party Advisory, VDB Entry | |
cve@mitre.org | https://github.com/e107inc/e107/commit/7a3e3d9fc7e05ce6941b9af1c14010bf2141f1a5 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2017/Apr/40 | Patch, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/e107inc/e107/commit/7a3e3d9fc7e05ce6941b9af1c14010bf2141f1a5 | Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "787202B4-C2E4-492E-8FFA-0A567F2E3734", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "e107 2.1.4 is vulnerable to cross-site request forgery in plugin-installing, meta-changing, and settings-changing. A malicious web page can use forged requests to make e107 download and install a plug-in provided by the attacker." }, { "lang": "es", "value": "e107 2.1.4 es vulnerable a CSRF en la instalaci\u00f3n de plugins, el meta cambio y el cambio de configuraci\u00f3n. Una p\u00e1gina web maliciosa puede utilizar solicitudes falsificadas para hacer una descarga e107 e instalar un plug-in proporcionado por el atacante." } ], "id": "CVE-2017-8098", "lastModified": "2024-11-21T03:33:18.993", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-04-24T18:59:00.663", 
"references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory", "VDB Entry" ], "url": "http://seclists.org/fulldisclosure/2017/Apr/40" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/e107inc/e107/commit/7a3e3d9fc7e05ce6941b9af1c14010bf2141f1a5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory", "VDB Entry" ], "url": "http://seclists.org/fulldisclosure/2017/Apr/40" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/e107inc/e107/commit/7a3e3d9fc7e05ce6941b9af1c14010bf2141f1a5" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-04-24 14:30
Modified
2024-11-21 01:02
Severity ?
Summary
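SQL injection vulnerability in usersettings.php in e107 0.7.15 and earlier, when "Extended User Fields" is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the hide parameter, a different vector than CVE-2005-4224 and CVE-2008-5320. Note: in the record below, the version-range CPE entry (versionEndIncluding 0.7.15) is marked "vulnerable": false, which conflicts with this description, and the Impacted products list for this entry has no explicit rows for 0.7.12, 0.7.14 or 0.7.15; CPE-based matching may therefore miss affected installations in that range.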
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
e107 | e107 | * | |
e107 | e107 | 0.6_10 | |
e107 | e107 | 0.6_11 | |
e107 | e107 | 0.6_12 | |
e107 | e107 | 0.6_13 | |
e107 | e107 | 0.6_14 | |
e107 | e107 | 0.6_15 | |
e107 | e107 | 0.6_15a | |
e107 | e107 | 0.7 | |
e107 | e107 | 0.7.1 | |
e107 | e107 | 0.7.2 | |
e107 | e107 | 0.7.3 | |
e107 | e107 | 0.7.4 | |
e107 | e107 | 0.7.5 | |
e107 | e107 | 0.7.6 | |
e107 | e107 | 0.7.7 | |
e107 | e107 | 0.7.8 | |
e107 | e107 | 0.7.9 | |
e107 | e107 | 0.7.10 | |
e107 | e107 | 0.7.11 | |
e107 | e107 | 0.7.13 | |
e107 | e107 | 0.545 | |
e107 | e107 | 0.547_beta | |
e107 | e107 | 0.548_beta | |
e107 | e107 | 0.549_beta | |
e107 | e107 | 0.551_beta | |
e107 | e107 | 0.552_beta | |
e107 | e107 | 0.553_beta | |
e107 | e107 | 0.554 | |
e107 | e107 | 0.554_beta | |
e107 | e107 | 0.555_beta | |
e107 | e107 | 0.600 | |
e107 | e107 | 0.601 | |
e107 | e107 | 0.602 | |
e107 | e107 | 0.603 | |
e107 | e107 | 0.604 | |
e107 | e107 | 0.605 | |
e107 | e107 | 0.606 | |
e107 | e107 | 0.607 | |
e107 | e107 | 0.608 | |
e107 | e107 | 0.609 | |
e107 | e107 | 0.610 | |
e107 | e107 | 0.611 | |
e107 | e107 | 0.612 | |
e107 | e107 | 0.613 | |
e107 | e107 | 0.614 | |
e107 | e107 | 0.615 | |
e107 | e107 | 0.615a | |
e107 | e107 | 0.616 | |
e107 | e107 | 0.617 | |
e107 | e107 | 0.6171 | |
e107 | e107 | 0.6172 | |
e107 | e107 | 0.6173 | |
e107 | e107 | 0.6174 | |
e107 | e107 | 0.6175 | |
e107 | e107 | 1.0.1 | |
e107 | e107 | 5.1 | |
e107 | e107 | 5.2 | |
e107 | e107 | 5.3_beta | |
e107 | e107 | 5.3_beta2 | |
e107 | e107 | 5.04 | |
e107 | e107 | 5.4_beta1 | |
e107 | e107 | 5.4_beta3 | |
e107 | e107 | 5.4_beta4 | |
e107 | e107 | 5.4_beta5 | |
e107 | e107 | 5.4_beta6 | |
e107 | e107 | 5.05 | |
e107 | e107 | 5.21 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:*:*:*:*:*:*:*:*", "matchCriteriaId": "87794C62-4C18-4F8F-9E78-1993BD1B0E6B", "versionEndIncluding": "0.7.15", "vulnerable": false }, { "criteria": "cpe:2.3:a:e107:e107:0.6_10:*:*:*:*:*:*:*", "matchCriteriaId": "18C34EB0-7685-4346-81A2-371C1F19F6AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_11:*:*:*:*:*:*:*", "matchCriteriaId": "AB26A2A4-B0DE-4130-AA5F-76D5394A0614", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_12:*:*:*:*:*:*:*", "matchCriteriaId": "90909932-AD39-4648-8621-5866F0C4AB12", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_13:*:*:*:*:*:*:*", "matchCriteriaId": "37F208E9-3C39-4D00-B1E0-5CD0B315E740", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_14:*:*:*:*:*:*:*", "matchCriteriaId": "27C7402F-54C9-4FDA-B181-85941DDC7010", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_15:*:*:*:*:*:*:*", "matchCriteriaId": "061B1AF2-2BA7-49CB-9F8B-91BF5D5B0BF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_15a:*:*:*:*:*:*:*", "matchCriteriaId": "4F77F5E4-8636-41F5-9A80-055CC0FC0346", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "70AB914E-D616-45D2-A451-1C247B8B6E4C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "CA03C1AC-97EA-47ED-9558-A7CA48420AB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "32695A82-B042-46B7-9CB4-20F3446E0C9E", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "6716A040-0CBE-4402-AB2A-1621B1240B0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "81627355-AB45-4D47-8DD2-4087E6971EF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "D2DAAA4F-B893-4914-8538-E68DDA211225", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B649DDC6-EEE6-47E1-A69A-831E5C2DD58C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "2FEEC90E-8640-4786-B014-CAD83EC4F2E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "E29B9B12-4C94-4A8D-B407-2D288502EFE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.9:*:*:*:*:*:*:*", "matchCriteriaId": "C5CAADA1-1FBB-4983-A942-FC4490CE8D8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.10:*:*:*:*:*:*:*", "matchCriteriaId": "B4D7C699-0E92-4D9C-9D8F-87C39A28ACCD", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.11:*:*:*:*:*:*:*", "matchCriteriaId": "5C62F8AD-EA30-441E-B97F-EF8DE640DC1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.13:*:*:*:*:*:*:*", "matchCriteriaId": "F1C22711-AEC4-438F-9B37-64D36B0BDFC9", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.545:*:*:*:*:*:*:*", "matchCriteriaId": "8DDD8B3B-8580-4624-8D77-E3FD97DFF4A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.547_beta:*:*:*:*:*:*:*", "matchCriteriaId": "437C4251-886C-4E94-B7F6-AE34A0142A76", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.548_beta:*:*:*:*:*:*:*", "matchCriteriaId": "761D4EE9-0D54-4370-BCBC-3C23481C127B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.549_beta:*:*:*:*:*:*:*", "matchCriteriaId": "E11E3F9E-708E-44CB-8FD2-E4961028B732", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.551_beta:*:*:*:*:*:*:*", "matchCriteriaId": "8F38EB42-437C-4381-B36A-FD3DB78E724E", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.552_beta:*:*:*:*:*:*:*", "matchCriteriaId": "ECC957BA-D96C-41B7-9BD4-2ECD37C9C924", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.553_beta:*:*:*:*:*:*:*", "matchCriteriaId": "1E9E9AC1-5ECD-448F-B72A-1CE8228C2C22", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:e107:e107:0.554:*:*:*:*:*:*:*", "matchCriteriaId": "6454D949-83A2-4F69-92E1-BBCD84F21BC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.554_beta:*:*:*:*:*:*:*", "matchCriteriaId": "0FC4B3A4-2563-4C06-A484-5C02CD8F7408", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.555_beta:*:*:*:*:*:*:*", "matchCriteriaId": "CC274184-AD8E-4BC2-BC6A-4E64F354BFFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.600:*:*:*:*:*:*:*", "matchCriteriaId": "7E80F85C-61AD-49C0-9EBF-B79F728F6A97", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.601:*:*:*:*:*:*:*", "matchCriteriaId": "3FE097FC-A525-4599-9FDA-1A011EECE767", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.602:*:*:*:*:*:*:*", "matchCriteriaId": "9FF51B0D-E020-491D-92A9-D2A01A7417AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.603:*:*:*:*:*:*:*", "matchCriteriaId": "F8692341-8DF2-4943-853A-4AAF1F313914", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.604:*:*:*:*:*:*:*", "matchCriteriaId": "75197306-53DB-4C94-959B-C46D3FB1F42B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.605:*:*:*:*:*:*:*", "matchCriteriaId": "D0C5C91C-C1C5-457D-9E09-24C7CACCC280", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.606:*:*:*:*:*:*:*", "matchCriteriaId": "6EB88C92-4F62-471A-8C10-C13C890E764F", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.607:*:*:*:*:*:*:*", "matchCriteriaId": "5585DC36-C65F-4FCA-B26F-E4A7901863E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.608:*:*:*:*:*:*:*", "matchCriteriaId": "2C7DD56C-66F7-421C-B211-07C7856112C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.609:*:*:*:*:*:*:*", "matchCriteriaId": "8E14B108-228D-454F-AF16-9D9086E4C10B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.610:*:*:*:*:*:*:*", "matchCriteriaId": "04C91C45-9A96-4E69-8A0A-D619AB45BC08", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.611:*:*:*:*:*:*:*", 
"matchCriteriaId": "5F7C68F4-9ECD-41A9-B4AE-48F028841428", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.612:*:*:*:*:*:*:*", "matchCriteriaId": "28B75E28-08DE-4CA2-A60B-FB2F61AEC5BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.613:*:*:*:*:*:*:*", "matchCriteriaId": "B9AA824A-CEE6-460B-A668-92FC3A822305", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.614:*:*:*:*:*:*:*", "matchCriteriaId": "6A51FBB3-42CE-40E1-A15D-ADDFBF8E203D", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.615:*:*:*:*:*:*:*", "matchCriteriaId": "BEAC1FD5-ECD1-480C-827E-F1AE8484C4EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.615a:*:*:*:*:*:*:*", "matchCriteriaId": "D17F613A-6BE1-4B45-8E40-8E44E0EEA756", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.616:*:*:*:*:*:*:*", "matchCriteriaId": "B5CB33E9-9AB8-482A-A196-768A2085A49C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.617:*:*:*:*:*:*:*", "matchCriteriaId": "12BD5CAD-0EB8-48F2-AF80-510584A83446", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6171:*:*:*:*:*:*:*", "matchCriteriaId": "AD8CD2A8-C8E8-4A5F-8355-6DF45C9DF45C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6172:*:*:*:*:*:*:*", "matchCriteriaId": "92E294FE-F0A2-45FC-BB67-D988DD89D2AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6173:*:*:*:*:*:*:*", "matchCriteriaId": "9640315B-7F04-4F5A-B213-8FAF509DFF01", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6174:*:*:*:*:*:*:*", "matchCriteriaId": "CA89549A-6CD7-4DDB-A8C8-ADF103F6CDFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6175:*:*:*:*:*:*:*", "matchCriteriaId": "DF75A192-81C1-4F58-A660-7EFE4F33E58B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "F0DD84FB-8CF3-4FD4-AB18-DCD3FF3A2F5B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "4189588A-A887-4D27-B3A0-48A3DBBD5E67", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:5.2:*:*:*:*:*:*:*", "matchCriteriaId": "5549E7FF-4329-49F6-BF59-081DA7874BA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:5.3_beta:*:*:*:*:*:*:*", "matchCriteriaId": "AA26A71E-F1E6-4EA0-9165-F7989FB89B15", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:5.3_beta2:*:*:*:*:*:*:*", "matchCriteriaId": "9C90BAB9-2ACE-48E4-BC15-E88C2C370B15", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:5.04:*:*:*:*:*:*:*", "matchCriteriaId": "DFD219A3-4958-4EA9-A914-37D4F0A8A24D", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:5.4_beta1:*:*:*:*:*:*:*", "matchCriteriaId": "3417C70B-E531-49C8-971E-CC349FB5AA1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:5.4_beta3:*:*:*:*:*:*:*", "matchCriteriaId": "CB5EF2F8-0A65-4C8C-A4A3-9B9B1151509C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:5.4_beta4:*:*:*:*:*:*:*", "matchCriteriaId": "62FBE3F6-7685-43BA-B63B-28AA79330323", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:5.4_beta5:*:*:*:*:*:*:*", "matchCriteriaId": "94CC3B56-F1FC-452A-A0A7-4CF60089C1E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:5.4_beta6:*:*:*:*:*:*:*", "matchCriteriaId": "7524B12E-3D05-4CD1-B582-8A66EEC3F6DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:5.05:*:*:*:*:*:*:*", "matchCriteriaId": "590FE150-07AF-4E25-B8F8-D0E8500D73B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:5.21:*:*:*:*:*:*:*", "matchCriteriaId": "F515DEBF-B55A-4B42-8E1F-AB9A2C3DD8DF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in usersettings.php in e107 0.7.15 and earlier, when \"Extended User Fields\" is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the hide parameter, a different vector than CVE-2005-4224 and CVE-2008-5320." 
}, { "lang": "es", "value": "Una vulnerabilidad de inyecci\u00f3n de SQL en usersettings.php en e107 v0.7.15 y anteriores, cuando la opci\u00f3n \"Campos de usuario extendidos\" est\u00e1 activado y magic_quotes_gpc est\u00e1 desactivado, permite a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s del par\u00e1metro Hide. Se trata de un vector diferente al de CVE-2005-4224 y CVE-2008-5320." } ], "id": "CVE-2009-1409", "lastModified": "2024-11-21T01:02:23.543", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-04-24T14:30:00.420", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/53812" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/34823" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/34614" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49981" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/8495" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/53812" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/34823" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/34614" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49981" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/8495" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-01-22 19:55
Modified
2024-11-21 02:00
Severity: MEDIUM (CVSS v2 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:P/A:N, from the NVD record below)
Summary
fpw.php in e107 through 1.0.4 does not check the user_ban field, which makes it easier for remote attackers to reset passwords by sending a pwsubmit request and leveraging access to the e-mail account of a banned user.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
e107 | e107 | * (versions up to and including 1.0.4) | |
e107 | e107 | 0.7.0 | |
e107 | e107 | 0.7.1 | |
e107 | e107 | 0.7.2 | |
e107 | e107 | 0.7.3 | |
e107 | e107 | 0.7.4 | |
e107 | e107 | 0.7.5 | |
e107 | e107 | 0.7.6 | |
e107 | e107 | 0.7.7 | |
e107 | e107 | 0.7.8 | |
e107 | e107 | 0.7.9 | |
e107 | e107 | 0.7.10 | |
e107 | e107 | 0.7.11 | |
e107 | e107 | 0.7.12 | |
e107 | e107 | 0.7.13 | |
e107 | e107 | 0.7.14 | |
e107 | e107 | 0.7.15 | |
e107 | e107 | 0.7.16 | |
e107 | e107 | 0.7.17 | |
e107 | e107 | 0.7.18 | |
e107 | e107 | 0.7.19 | |
e107 | e107 | 0.7.20 | |
e107 | e107 | 0.7.21 | |
e107 | e107 | 0.7.22 | |
e107 | e107 | 0.7.24 | |
e107 | e107 | 0.7.26 | |
e107 | e107 | 1.0.1 | |
e107 | e107 | 1.0.2 | |
e107 | e107 | 1.0.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:*:*:*:*:*:*:*:*", "matchCriteriaId": "A36456AF-7B2C-4C62-B353-060C3AA93536", "versionEndIncluding": "1.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "CA5B2762-4A7C-45EE-8A1B-0E7939978321", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "CA03C1AC-97EA-47ED-9558-A7CA48420AB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "32695A82-B042-46B7-9CB4-20F3446E0C9E", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "6716A040-0CBE-4402-AB2A-1621B1240B0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "81627355-AB45-4D47-8DD2-4087E6971EF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "D2DAAA4F-B893-4914-8538-E68DDA211225", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B649DDC6-EEE6-47E1-A69A-831E5C2DD58C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "2FEEC90E-8640-4786-B014-CAD83EC4F2E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "E29B9B12-4C94-4A8D-B407-2D288502EFE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.9:*:*:*:*:*:*:*", "matchCriteriaId": "C5CAADA1-1FBB-4983-A942-FC4490CE8D8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.10:*:*:*:*:*:*:*", "matchCriteriaId": "B4D7C699-0E92-4D9C-9D8F-87C39A28ACCD", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.11:*:*:*:*:*:*:*", "matchCriteriaId": "5C62F8AD-EA30-441E-B97F-EF8DE640DC1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.12:*:*:*:*:*:*:*", "matchCriteriaId": "F96C30A8-7E56-4806-B8D7-851D75B08738", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.13:*:*:*:*:*:*:*", "matchCriteriaId": "F1C22711-AEC4-438F-9B37-64D36B0BDFC9", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.14:*:*:*:*:*:*:*", "matchCriteriaId": "5E2AA435-E5FC-4555-B582-5C6FFC99327B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.15:*:*:*:*:*:*:*", "matchCriteriaId": "7A81364B-FB65-4591-ACA3-9D5991F0C30C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.16:*:*:*:*:*:*:*", "matchCriteriaId": "069F5C7C-F549-4B92-A1EA-6310CCF64334", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.17:*:*:*:*:*:*:*", "matchCriteriaId": "46EF46A3-7197-4C00-8298-9B938B6EE97B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.18:*:*:*:*:*:*:*", "matchCriteriaId": "B242DBD4-299A-49BC-B399-6C48E04D10DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.19:*:*:*:*:*:*:*", "matchCriteriaId": "756D821D-63CA-4DCC-8335-679290C197BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.20:*:*:*:*:*:*:*", "matchCriteriaId": "FFAB4C3E-EE6F-4603-A829-25138966CADF", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.21:*:*:*:*:*:*:*", "matchCriteriaId": "56459690-0C9E-4049-A20A-E17152913065", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.22:*:*:*:*:*:*:*", "matchCriteriaId": "E15C0202-89BE-44EE-AD44-B3AF8A41671C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.24:*:*:*:*:*:*:*", "matchCriteriaId": "24B25E9E-A4E6-4156-9543-A0071A84F065", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.26:*:*:*:*:*:*:*", "matchCriteriaId": "4C218B8E-ED52-4F5B-A3FC-CEB3FF8D11DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "F0DD84FB-8CF3-4FD4-AB18-DCD3FF3A2F5B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "8B72F4ED-2B19-4D51-9411-39FFACA94DD6", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:e107:e107:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "44B4FFFF-D038-4EF5-86B1-D3FFE1991C1E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "fpw.php in e107 through 1.0.4 does not check the user_ban field, which makes it easier for remote attackers to reset passwords by sending a pwsubmit request and leveraging access to the e-mail account of a banned user." }, { "lang": "es", "value": "fpw.php en e107 hasta la versi\u00f3n 1.0.4 no comprueba el campo user_ban, lo que hace m\u00e1s f\u00e1cil para atacantes remotos restablecer contrase\u00f1as mediante el env\u00edo de una petici\u00f3n pwsubmit y aprovechando el acceso a la cuenta de email de un usuario baneado." } ], "id": "CVE-2013-7305", "lastModified": "2024-11-21T02:00:42.163", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-01-22T19:55:06.597", "references": [ { "source": "cve@mitre.org", "url": "http://sourceforge.net/p/e107/svn/13114" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/p/e107/svn/13114" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-255" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-05-27 22:30
Modified
2024-11-21 01:15
Severity: HIGH (CVSS v2 base score 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P, from the NVD record below)
Summary
Incomplete blacklist vulnerability in usersettings.php in e107 0.7.20 and earlier allows remote attackers to conduct SQL injection attacks via the loginname parameter.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
e107 | e107 | * (versions up to and including 0.7.20) | |
e107 | e107 | 0.6_10 | |
e107 | e107 | 0.6_11 | |
e107 | e107 | 0.6_12 | |
e107 | e107 | 0.6_13 | |
e107 | e107 | 0.6_14 | |
e107 | e107 | 0.6_15 | |
e107 | e107 | 0.6_15a | |
e107 | e107 | 0.7 | |
e107 | e107 | 0.7.0 | |
e107 | e107 | 0.7.1 | |
e107 | e107 | 0.7.2 | |
e107 | e107 | 0.7.3 | |
e107 | e107 | 0.7.4 | |
e107 | e107 | 0.7.5 | |
e107 | e107 | 0.7.6 | |
e107 | e107 | 0.7.7 | |
e107 | e107 | 0.7.8 | |
e107 | e107 | 0.7.9 | |
e107 | e107 | 0.7.10 | |
e107 | e107 | 0.7.11 | |
e107 | e107 | 0.7.12 | |
e107 | e107 | 0.7.13 | |
e107 | e107 | 0.7.14 | |
e107 | e107 | 0.7.15 | |
e107 | e107 | 0.7.16 | |
e107 | e107 | 0.7.17 | |
e107 | e107 | 0.7.18 | |
e107 | e107 | 0.7.19 | |
e107 | e107 | 0.545 | |
e107 | e107 | 0.547 beta | |
e107 | e107 | 0.548 beta | |
e107 | e107 | 0.549 beta | |
e107 | e107 | 0.551 beta | |
e107 | e107 | 0.552 beta | |
e107 | e107 | 0.553 beta | |
e107 | e107 | 0.554 | |
e107 | e107 | 0.554 beta | |
e107 | e107 | 0.555 beta | |
e107 | e107 | 0.600 | |
e107 | e107 | 0.601 | |
e107 | e107 | 0.602 | |
e107 | e107 | 0.603 | |
e107 | e107 | 0.604 | |
e107 | e107 | 0.605 | |
e107 | e107 | 0.606 | |
e107 | e107 | 0.607 | |
e107 | e107 | 0.608 | |
e107 | e107 | 0.609 | |
e107 | e107 | 0.610 | |
e107 | e107 | 0.611 | |
e107 | e107 | 0.612 | |
e107 | e107 | 0.613 | |
e107 | e107 | 0.614 | |
e107 | e107 | 0.615 | |
e107 | e107 | 0.615a | |
e107 | e107 | 0.616 | |
e107 | e107 | 0.617 | |
e107 | e107 | 0.6171 | |
e107 | e107 | 0.6172 | |
e107 | e107 | 0.6173 | |
e107 | e107 | 0.6174 | |
e107 | e107 | 0.6175 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:*:*:*:*:*:*:*:*", "matchCriteriaId": "EA2F26CB-709E-4C1A-83B2-D0419AED17B1", "versionEndIncluding": "0.7.20", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_10:*:*:*:*:*:*:*", "matchCriteriaId": "18C34EB0-7685-4346-81A2-371C1F19F6AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_11:*:*:*:*:*:*:*", "matchCriteriaId": "AB26A2A4-B0DE-4130-AA5F-76D5394A0614", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_12:*:*:*:*:*:*:*", "matchCriteriaId": "90909932-AD39-4648-8621-5866F0C4AB12", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_13:*:*:*:*:*:*:*", "matchCriteriaId": "37F208E9-3C39-4D00-B1E0-5CD0B315E740", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_14:*:*:*:*:*:*:*", "matchCriteriaId": "27C7402F-54C9-4FDA-B181-85941DDC7010", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_15:*:*:*:*:*:*:*", "matchCriteriaId": "061B1AF2-2BA7-49CB-9F8B-91BF5D5B0BF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_15a:*:*:*:*:*:*:*", "matchCriteriaId": "4F77F5E4-8636-41F5-9A80-055CC0FC0346", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "70AB914E-D616-45D2-A451-1C247B8B6E4C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "CA5B2762-4A7C-45EE-8A1B-0E7939978321", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "CA03C1AC-97EA-47ED-9558-A7CA48420AB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "32695A82-B042-46B7-9CB4-20F3446E0C9E", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "6716A040-0CBE-4402-AB2A-1621B1240B0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "81627355-AB45-4D47-8DD2-4087E6971EF2", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "D2DAAA4F-B893-4914-8538-E68DDA211225", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B649DDC6-EEE6-47E1-A69A-831E5C2DD58C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "2FEEC90E-8640-4786-B014-CAD83EC4F2E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "E29B9B12-4C94-4A8D-B407-2D288502EFE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.9:*:*:*:*:*:*:*", "matchCriteriaId": "C5CAADA1-1FBB-4983-A942-FC4490CE8D8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.10:*:*:*:*:*:*:*", "matchCriteriaId": "B4D7C699-0E92-4D9C-9D8F-87C39A28ACCD", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.11:*:*:*:*:*:*:*", "matchCriteriaId": "5C62F8AD-EA30-441E-B97F-EF8DE640DC1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.12:*:*:*:*:*:*:*", "matchCriteriaId": "F96C30A8-7E56-4806-B8D7-851D75B08738", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.13:*:*:*:*:*:*:*", "matchCriteriaId": "F1C22711-AEC4-438F-9B37-64D36B0BDFC9", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.14:*:*:*:*:*:*:*", "matchCriteriaId": "5E2AA435-E5FC-4555-B582-5C6FFC99327B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.15:*:*:*:*:*:*:*", "matchCriteriaId": "7A81364B-FB65-4591-ACA3-9D5991F0C30C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.16:*:*:*:*:*:*:*", "matchCriteriaId": "069F5C7C-F549-4B92-A1EA-6310CCF64334", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.17:*:*:*:*:*:*:*", "matchCriteriaId": "46EF46A3-7197-4C00-8298-9B938B6EE97B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.18:*:*:*:*:*:*:*", "matchCriteriaId": "B242DBD4-299A-49BC-B399-6C48E04D10DA", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:e107:e107:0.7.19:*:*:*:*:*:*:*", "matchCriteriaId": "756D821D-63CA-4DCC-8335-679290C197BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.545:*:*:*:*:*:*:*", "matchCriteriaId": "8DDD8B3B-8580-4624-8D77-E3FD97DFF4A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.547:beta:*:*:*:*:*:*", "matchCriteriaId": "EF6E08F0-004C-4A00-861D-72A9082C3F41", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.548:beta:*:*:*:*:*:*", "matchCriteriaId": "CBF301C0-0DEF-4922-85BF-66BF6192A745", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.549:beta:*:*:*:*:*:*", "matchCriteriaId": "4805886F-099B-4808-A2FF-0A0B77CD566D", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.551:beta:*:*:*:*:*:*", "matchCriteriaId": "984B6A2B-F9D5-48AB-8B57-DD62B200C441", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.552:beta:*:*:*:*:*:*", "matchCriteriaId": "45D6F945-96D1-42A1-AE66-3D7988DE9A15", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.553:beta:*:*:*:*:*:*", "matchCriteriaId": "3065526A-4DDE-4F7F-97C5-2E0F3D0D106B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.554:*:*:*:*:*:*:*", "matchCriteriaId": "6454D949-83A2-4F69-92E1-BBCD84F21BC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.554:beta:*:*:*:*:*:*", "matchCriteriaId": "27ABDE74-B886-47A6-909B-7EA428260FAD", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.555:beta:*:*:*:*:*:*", "matchCriteriaId": "DC65CB58-4F17-4F8D-9682-9D6C1B33F39D", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.600:*:*:*:*:*:*:*", "matchCriteriaId": "7E80F85C-61AD-49C0-9EBF-B79F728F6A97", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.601:*:*:*:*:*:*:*", "matchCriteriaId": "3FE097FC-A525-4599-9FDA-1A011EECE767", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.602:*:*:*:*:*:*:*", "matchCriteriaId": "9FF51B0D-E020-491D-92A9-D2A01A7417AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.603:*:*:*:*:*:*:*", 
"matchCriteriaId": "F8692341-8DF2-4943-853A-4AAF1F313914", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.604:*:*:*:*:*:*:*", "matchCriteriaId": "75197306-53DB-4C94-959B-C46D3FB1F42B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.605:*:*:*:*:*:*:*", "matchCriteriaId": "D0C5C91C-C1C5-457D-9E09-24C7CACCC280", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.606:*:*:*:*:*:*:*", "matchCriteriaId": "6EB88C92-4F62-471A-8C10-C13C890E764F", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.607:*:*:*:*:*:*:*", "matchCriteriaId": "5585DC36-C65F-4FCA-B26F-E4A7901863E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.608:*:*:*:*:*:*:*", "matchCriteriaId": "2C7DD56C-66F7-421C-B211-07C7856112C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.609:*:*:*:*:*:*:*", "matchCriteriaId": "8E14B108-228D-454F-AF16-9D9086E4C10B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.610:*:*:*:*:*:*:*", "matchCriteriaId": "04C91C45-9A96-4E69-8A0A-D619AB45BC08", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.611:*:*:*:*:*:*:*", "matchCriteriaId": "5F7C68F4-9ECD-41A9-B4AE-48F028841428", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.612:*:*:*:*:*:*:*", "matchCriteriaId": "28B75E28-08DE-4CA2-A60B-FB2F61AEC5BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.613:*:*:*:*:*:*:*", "matchCriteriaId": "B9AA824A-CEE6-460B-A668-92FC3A822305", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.614:*:*:*:*:*:*:*", "matchCriteriaId": "6A51FBB3-42CE-40E1-A15D-ADDFBF8E203D", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.615:*:*:*:*:*:*:*", "matchCriteriaId": "BEAC1FD5-ECD1-480C-827E-F1AE8484C4EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.615a:*:*:*:*:*:*:*", "matchCriteriaId": "D17F613A-6BE1-4B45-8E40-8E44E0EEA756", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.616:*:*:*:*:*:*:*", "matchCriteriaId": "B5CB33E9-9AB8-482A-A196-768A2085A49C", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.617:*:*:*:*:*:*:*", "matchCriteriaId": "12BD5CAD-0EB8-48F2-AF80-510584A83446", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6171:*:*:*:*:*:*:*", "matchCriteriaId": "AD8CD2A8-C8E8-4A5F-8355-6DF45C9DF45C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6172:*:*:*:*:*:*:*", "matchCriteriaId": "92E294FE-F0A2-45FC-BB67-D988DD89D2AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6173:*:*:*:*:*:*:*", "matchCriteriaId": "9640315B-7F04-4F5A-B213-8FAF509DFF01", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6174:*:*:*:*:*:*:*", "matchCriteriaId": "CA89549A-6CD7-4DDB-A8C8-ADF103F6CDFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6175:*:*:*:*:*:*:*", "matchCriteriaId": "DF75A192-81C1-4F58-A660-7EFE4F33E58B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Incomplete blacklist vulnerability in usersettings.php in e107 0.7.20 and earlier allows remote attackers to conduct SQL injection attacks via the loginname parameter." }, { "lang": "es", "value": "Vulnerabilidad de lista negra incompleta en usersettings.php en e107 v0.7.20 y anteriores permite a atacantes remotos realizar ataques de inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro loginname. 
\r\n" } ], "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/184.html\r\n\r\n\u0027CWE-184: Incomplete Blacklist\u0027", "id": "CVE-2010-2098", "lastModified": "2024-11-21T01:15:53.980", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-05-27T22:30:02.077", "references": [ { "source": "cve@mitre.org", "url": "http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.7/usersettings.php?r1=11521\u0026r2=11538" }, { "source": "cve@mitre.org", "url": "http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.7/usersettings.php?r1=11538\u0026r2=11541" }, { "source": "cve@mitre.org", "url": "http://php-security.org/2010/05/15/mops-2010-029-cmsqlite-c-parameter-sql-injection-vulnerability/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.7/usersettings.php?r1=11521\u0026r2=11538" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.7/usersettings.php?r1=11538\u0026r2=11541" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://php-security.org/2010/05/15/mops-2010-029-cmsqlite-c-parameter-sql-injection-vulnerability/index.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-02-14 20:55
Modified
2024-11-21 01:22
Severity ?
Summary
The cross-site request forgery (CSRF) protection mechanism in e107 before 0.7.23 uses a predictable random token based on the creation date of the administrator account, which allows remote attackers to hijack the authentication of administrators for requests that add new users via e107_admin/users.php.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
e107 | e107 | * (versions up to and including 0.7.22) | |
e107 | e107 | 0.6_10 | |
e107 | e107 | 0.6_11 | |
e107 | e107 | 0.6_12 | |
e107 | e107 | 0.6_13 | |
e107 | e107 | 0.6_14 | |
e107 | e107 | 0.6_15 | |
e107 | e107 | 0.6_15a | |
e107 | e107 | 0.7 | |
e107 | e107 | 0.7.0 | |
e107 | e107 | 0.7.1 | |
e107 | e107 | 0.7.2 | |
e107 | e107 | 0.7.3 | |
e107 | e107 | 0.7.4 | |
e107 | e107 | 0.7.5 | |
e107 | e107 | 0.7.6 | |
e107 | e107 | 0.7.7 | |
e107 | e107 | 0.7.8 | |
e107 | e107 | 0.7.9 | |
e107 | e107 | 0.7.10 | |
e107 | e107 | 0.7.11 | |
e107 | e107 | 0.7.12 | |
e107 | e107 | 0.7.13 | |
e107 | e107 | 0.7.14 | |
e107 | e107 | 0.7.15 | |
e107 | e107 | 0.7.16 | |
e107 | e107 | 0.7.17 | |
e107 | e107 | 0.7.18 | |
e107 | e107 | 0.7.19 | |
e107 | e107 | 0.7.20 | |
e107 | e107 | 0.7.21 | |
e107 | e107 | 0.545 | |
e107 | e107 | 0.547 beta | |
e107 | e107 | 0.548 beta | |
e107 | e107 | 0.549 beta | |
e107 | e107 | 0.551 beta | |
e107 | e107 | 0.552 beta | |
e107 | e107 | 0.553 beta | |
e107 | e107 | 0.554 | |
e107 | e107 | 0.554 beta | |
e107 | e107 | 0.555 beta | |
e107 | e107 | 0.600 | |
e107 | e107 | 0.601 | |
e107 | e107 | 0.602 | |
e107 | e107 | 0.603 | |
e107 | e107 | 0.604 | |
e107 | e107 | 0.605 | |
e107 | e107 | 0.606 | |
e107 | e107 | 0.607 | |
e107 | e107 | 0.608 | |
e107 | e107 | 0.609 | |
e107 | e107 | 0.610 | |
e107 | e107 | 0.611 | |
e107 | e107 | 0.612 | |
e107 | e107 | 0.613 | |
e107 | e107 | 0.614 | |
e107 | e107 | 0.615 | |
e107 | e107 | 0.615a | |
e107 | e107 | 0.616 | |
e107 | e107 | 0.617 | |
e107 | e107 | 0.6171 | |
e107 | e107 | 0.6172 | |
e107 | e107 | 0.6173 | |
e107 | e107 | 0.6174 | |
e107 | e107 | 0.6175 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:*:*:*:*:*:*:*:*", "matchCriteriaId": "0E3AB3F8-1540-4078-B618-419419A1B942", "versionEndIncluding": "0.7.22", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_10:*:*:*:*:*:*:*", "matchCriteriaId": "18C34EB0-7685-4346-81A2-371C1F19F6AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_11:*:*:*:*:*:*:*", "matchCriteriaId": "AB26A2A4-B0DE-4130-AA5F-76D5394A0614", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_12:*:*:*:*:*:*:*", "matchCriteriaId": "90909932-AD39-4648-8621-5866F0C4AB12", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_13:*:*:*:*:*:*:*", "matchCriteriaId": "37F208E9-3C39-4D00-B1E0-5CD0B315E740", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_14:*:*:*:*:*:*:*", "matchCriteriaId": "27C7402F-54C9-4FDA-B181-85941DDC7010", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_15:*:*:*:*:*:*:*", "matchCriteriaId": "061B1AF2-2BA7-49CB-9F8B-91BF5D5B0BF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_15a:*:*:*:*:*:*:*", "matchCriteriaId": "4F77F5E4-8636-41F5-9A80-055CC0FC0346", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "70AB914E-D616-45D2-A451-1C247B8B6E4C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "CA5B2762-4A7C-45EE-8A1B-0E7939978321", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "CA03C1AC-97EA-47ED-9558-A7CA48420AB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "32695A82-B042-46B7-9CB4-20F3446E0C9E", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "6716A040-0CBE-4402-AB2A-1621B1240B0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "81627355-AB45-4D47-8DD2-4087E6971EF2", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "D2DAAA4F-B893-4914-8538-E68DDA211225", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B649DDC6-EEE6-47E1-A69A-831E5C2DD58C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "2FEEC90E-8640-4786-B014-CAD83EC4F2E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "E29B9B12-4C94-4A8D-B407-2D288502EFE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.9:*:*:*:*:*:*:*", "matchCriteriaId": "C5CAADA1-1FBB-4983-A942-FC4490CE8D8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.10:*:*:*:*:*:*:*", "matchCriteriaId": "B4D7C699-0E92-4D9C-9D8F-87C39A28ACCD", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.11:*:*:*:*:*:*:*", "matchCriteriaId": "5C62F8AD-EA30-441E-B97F-EF8DE640DC1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.12:*:*:*:*:*:*:*", "matchCriteriaId": "F96C30A8-7E56-4806-B8D7-851D75B08738", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.13:*:*:*:*:*:*:*", "matchCriteriaId": "F1C22711-AEC4-438F-9B37-64D36B0BDFC9", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.14:*:*:*:*:*:*:*", "matchCriteriaId": "5E2AA435-E5FC-4555-B582-5C6FFC99327B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.15:*:*:*:*:*:*:*", "matchCriteriaId": "7A81364B-FB65-4591-ACA3-9D5991F0C30C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.16:*:*:*:*:*:*:*", "matchCriteriaId": "069F5C7C-F549-4B92-A1EA-6310CCF64334", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.17:*:*:*:*:*:*:*", "matchCriteriaId": "46EF46A3-7197-4C00-8298-9B938B6EE97B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.18:*:*:*:*:*:*:*", "matchCriteriaId": "B242DBD4-299A-49BC-B399-6C48E04D10DA", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:e107:e107:0.7.19:*:*:*:*:*:*:*", "matchCriteriaId": "756D821D-63CA-4DCC-8335-679290C197BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.20:*:*:*:*:*:*:*", "matchCriteriaId": "FFAB4C3E-EE6F-4603-A829-25138966CADF", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.21:*:*:*:*:*:*:*", "matchCriteriaId": "56459690-0C9E-4049-A20A-E17152913065", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.545:*:*:*:*:*:*:*", "matchCriteriaId": "8DDD8B3B-8580-4624-8D77-E3FD97DFF4A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.547:beta:*:*:*:*:*:*", "matchCriteriaId": "EF6E08F0-004C-4A00-861D-72A9082C3F41", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.548:beta:*:*:*:*:*:*", "matchCriteriaId": "CBF301C0-0DEF-4922-85BF-66BF6192A745", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.549:beta:*:*:*:*:*:*", "matchCriteriaId": "4805886F-099B-4808-A2FF-0A0B77CD566D", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.551:beta:*:*:*:*:*:*", "matchCriteriaId": "984B6A2B-F9D5-48AB-8B57-DD62B200C441", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.552:beta:*:*:*:*:*:*", "matchCriteriaId": "45D6F945-96D1-42A1-AE66-3D7988DE9A15", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.553:beta:*:*:*:*:*:*", "matchCriteriaId": "3065526A-4DDE-4F7F-97C5-2E0F3D0D106B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.554:*:*:*:*:*:*:*", "matchCriteriaId": "6454D949-83A2-4F69-92E1-BBCD84F21BC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.554:beta:*:*:*:*:*:*", "matchCriteriaId": "27ABDE74-B886-47A6-909B-7EA428260FAD", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.555:beta:*:*:*:*:*:*", "matchCriteriaId": "DC65CB58-4F17-4F8D-9682-9D6C1B33F39D", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.600:*:*:*:*:*:*:*", "matchCriteriaId": "7E80F85C-61AD-49C0-9EBF-B79F728F6A97", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:e107:e107:0.601:*:*:*:*:*:*:*", "matchCriteriaId": "3FE097FC-A525-4599-9FDA-1A011EECE767", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.602:*:*:*:*:*:*:*", "matchCriteriaId": "9FF51B0D-E020-491D-92A9-D2A01A7417AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.603:*:*:*:*:*:*:*", "matchCriteriaId": "F8692341-8DF2-4943-853A-4AAF1F313914", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.604:*:*:*:*:*:*:*", "matchCriteriaId": "75197306-53DB-4C94-959B-C46D3FB1F42B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.605:*:*:*:*:*:*:*", "matchCriteriaId": "D0C5C91C-C1C5-457D-9E09-24C7CACCC280", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.606:*:*:*:*:*:*:*", "matchCriteriaId": "6EB88C92-4F62-471A-8C10-C13C890E764F", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.607:*:*:*:*:*:*:*", "matchCriteriaId": "5585DC36-C65F-4FCA-B26F-E4A7901863E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.608:*:*:*:*:*:*:*", "matchCriteriaId": "2C7DD56C-66F7-421C-B211-07C7856112C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.609:*:*:*:*:*:*:*", "matchCriteriaId": "8E14B108-228D-454F-AF16-9D9086E4C10B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.610:*:*:*:*:*:*:*", "matchCriteriaId": "04C91C45-9A96-4E69-8A0A-D619AB45BC08", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.611:*:*:*:*:*:*:*", "matchCriteriaId": "5F7C68F4-9ECD-41A9-B4AE-48F028841428", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.612:*:*:*:*:*:*:*", "matchCriteriaId": "28B75E28-08DE-4CA2-A60B-FB2F61AEC5BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.613:*:*:*:*:*:*:*", "matchCriteriaId": "B9AA824A-CEE6-460B-A668-92FC3A822305", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.614:*:*:*:*:*:*:*", "matchCriteriaId": "6A51FBB3-42CE-40E1-A15D-ADDFBF8E203D", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.615:*:*:*:*:*:*:*", "matchCriteriaId": 
"BEAC1FD5-ECD1-480C-827E-F1AE8484C4EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.615a:*:*:*:*:*:*:*", "matchCriteriaId": "D17F613A-6BE1-4B45-8E40-8E44E0EEA756", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.616:*:*:*:*:*:*:*", "matchCriteriaId": "B5CB33E9-9AB8-482A-A196-768A2085A49C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.617:*:*:*:*:*:*:*", "matchCriteriaId": "12BD5CAD-0EB8-48F2-AF80-510584A83446", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6171:*:*:*:*:*:*:*", "matchCriteriaId": "AD8CD2A8-C8E8-4A5F-8355-6DF45C9DF45C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6172:*:*:*:*:*:*:*", "matchCriteriaId": "92E294FE-F0A2-45FC-BB67-D988DD89D2AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6173:*:*:*:*:*:*:*", "matchCriteriaId": "9640315B-7F04-4F5A-B213-8FAF509DFF01", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6174:*:*:*:*:*:*:*", "matchCriteriaId": "CA89549A-6CD7-4DDB-A8C8-ADF103F6CDFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6175:*:*:*:*:*:*:*", "matchCriteriaId": "DF75A192-81C1-4F58-A660-7EFE4F33E58B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The cross-site request forgery (CSRF) protection mechanism in e107 before 0.7.23 uses a predictable random token based on the creation date of the administrator account, which allows remote attackers to hijack the authentication of administrators for requests that add new users via e107_admin/users.php." 
}, { "lang": "es", "value": "El mecanismo de protecci\u00f3n de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en e107 antes de v0.7.23, utiliza una muestra aleatoria predecible basada en la fecha de creaci\u00f3n de la cuenta de administrador, lo que permite a atacantes remotos secuestrar la autenticaci\u00f3n de administradores para peticiones que a\u00f1aden nuevos usuarios a trav\u00e9s de e107_admin/users.php." } ], "id": "CVE-2010-5084", "lastModified": "2024-11-21T01:22:28.137", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-02-14T20:55:02.737", "references": [ { "source": "cve@mitre.org", "url": "http://e107.org/comment.php?comment.news.872" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/41034" }, { "source": "cve@mitre.org", "url": "http://www.madirish.net/?article=471" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1024351" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://e107.org/comment.php?comment.news.872" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/41034" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.madirish.net/?article=471" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1024351" } ], "sourceIdentifier": "cve@mitre.org", 
"vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-04-20 16:30
Modified
2024-11-21 01:13
Severity ?
Summary
Unrestricted file upload vulnerability in e107 before 0.7.20 allows remote authenticated users to execute arbitrary code by uploading a .php.filetypesphp file. NOTE: the vendor disputes the significance of this issue, noting that "an odd set of preferences and a missing file" are required.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
e107 | e107 | * | |
e107 | e107 | 0.7 | |
e107 | e107 | 0.7.1 | |
e107 | e107 | 0.7.2 | |
e107 | e107 | 0.7.3 | |
e107 | e107 | 0.7.4 | |
e107 | e107 | 0.7.5 | |
e107 | e107 | 0.7.6 | |
e107 | e107 | 0.7.7 | |
e107 | e107 | 0.7.8 | |
e107 | e107 | 0.7.9 | |
e107 | e107 | 0.7.10 | |
e107 | e107 | 0.7.11 | |
e107 | e107 | 0.7.12 | |
e107 | e107 | 0.7.13 | |
e107 | e107 | 0.7.14 | |
e107 | e107 | 0.7.15 | |
e107 | e107 | 0.7.16 | |
e107 | e107 | 0.7.17 | |
e107 | e107 | 0.7.18 | |
e107 | e107 | 0.545 | |
e107 | e107 | 0.547 | |
e107 | e107 | 0.548 | |
e107 | e107 | 0.549 | |
e107 | e107 | 0.551 | |
e107 | e107 | 0.552 | |
e107 | e107 | 0.553 | |
e107 | e107 | 0.554 | |
e107 | e107 | 0.554 | |
e107 | e107 | 0.555 | |
e107 | e107 | 0.600 | |
e107 | e107 | 0.601 | |
e107 | e107 | 0.602 | |
e107 | e107 | 0.603 | |
e107 | e107 | 0.604 | |
e107 | e107 | 0.605 | |
e107 | e107 | 0.606 | |
e107 | e107 | 0.607 | |
e107 | e107 | 0.608 | |
e107 | e107 | 0.609 | |
e107 | e107 | 0.610 | |
e107 | e107 | 0.611 | |
e107 | e107 | 0.612 | |
e107 | e107 | 0.613 | |
e107 | e107 | 0.614 | |
e107 | e107 | 0.615 | |
e107 | e107 | 0.615a | |
e107 | e107 | 0.616 | |
e107 | e107 | 0.617 | |
e107 | e107 | 0.6171 | |
e107 | e107 | 0.6172 | |
e107 | e107 | 0.6173 | |
e107 | e107 | 0.6174 | |
e107 | e107 | 0.6175 | |
e107 | e107 | 5.1 | |
e107 | e107 | 5.3 | |
e107 | e107 | 5.3 | |
e107 | e107 | 5.04 | |
e107 | e107 | 5.4 | |
e107 | e107 | 5.4 | |
e107 | e107 | 5.4 | |
e107 | e107 | 5.4 | |
e107 | e107 | 5.4 | |
e107 | e107 | 5.4 | |
e107 | e107 | 5.05 | |
e107 | e107 | 5.21 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:*:*:*:*:*:*:*:*", "matchCriteriaId": "0521F172-C4F7-4054-AA27-A8C5946C7F19", "versionEndIncluding": "0.7.19", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "70AB914E-D616-45D2-A451-1C247B8B6E4C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "CA03C1AC-97EA-47ED-9558-A7CA48420AB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "32695A82-B042-46B7-9CB4-20F3446E0C9E", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "6716A040-0CBE-4402-AB2A-1621B1240B0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "81627355-AB45-4D47-8DD2-4087E6971EF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "D2DAAA4F-B893-4914-8538-E68DDA211225", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B649DDC6-EEE6-47E1-A69A-831E5C2DD58C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "2FEEC90E-8640-4786-B014-CAD83EC4F2E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "E29B9B12-4C94-4A8D-B407-2D288502EFE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.9:*:*:*:*:*:*:*", "matchCriteriaId": "C5CAADA1-1FBB-4983-A942-FC4490CE8D8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.10:*:*:*:*:*:*:*", "matchCriteriaId": "B4D7C699-0E92-4D9C-9D8F-87C39A28ACCD", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.11:*:*:*:*:*:*:*", "matchCriteriaId": "5C62F8AD-EA30-441E-B97F-EF8DE640DC1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.12:*:*:*:*:*:*:*", "matchCriteriaId": "F96C30A8-7E56-4806-B8D7-851D75B08738", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.13:*:*:*:*:*:*:*", "matchCriteriaId": "F1C22711-AEC4-438F-9B37-64D36B0BDFC9", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.14:*:*:*:*:*:*:*", "matchCriteriaId": "5E2AA435-E5FC-4555-B582-5C6FFC99327B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.15:*:*:*:*:*:*:*", "matchCriteriaId": "7A81364B-FB65-4591-ACA3-9D5991F0C30C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.16:*:*:*:*:*:*:*", "matchCriteriaId": "069F5C7C-F549-4B92-A1EA-6310CCF64334", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.17:*:*:*:*:*:*:*", "matchCriteriaId": "46EF46A3-7197-4C00-8298-9B938B6EE97B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.18:*:*:*:*:*:*:*", "matchCriteriaId": "B242DBD4-299A-49BC-B399-6C48E04D10DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.545:*:*:*:*:*:*:*", "matchCriteriaId": "8DDD8B3B-8580-4624-8D77-E3FD97DFF4A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.547:beta:*:*:*:*:*:*", "matchCriteriaId": "EF6E08F0-004C-4A00-861D-72A9082C3F41", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.548:beta:*:*:*:*:*:*", "matchCriteriaId": "CBF301C0-0DEF-4922-85BF-66BF6192A745", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.549:beta:*:*:*:*:*:*", "matchCriteriaId": "4805886F-099B-4808-A2FF-0A0B77CD566D", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.551:beta:*:*:*:*:*:*", "matchCriteriaId": "984B6A2B-F9D5-48AB-8B57-DD62B200C441", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.552:beta:*:*:*:*:*:*", "matchCriteriaId": "45D6F945-96D1-42A1-AE66-3D7988DE9A15", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.553:beta:*:*:*:*:*:*", "matchCriteriaId": "3065526A-4DDE-4F7F-97C5-2E0F3D0D106B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.554:*:*:*:*:*:*:*", "matchCriteriaId": "6454D949-83A2-4F69-92E1-BBCD84F21BC2", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:e107:e107:0.554:beta:*:*:*:*:*:*", "matchCriteriaId": "27ABDE74-B886-47A6-909B-7EA428260FAD", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.555:beta:*:*:*:*:*:*", "matchCriteriaId": "DC65CB58-4F17-4F8D-9682-9D6C1B33F39D", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.600:*:*:*:*:*:*:*", "matchCriteriaId": "7E80F85C-61AD-49C0-9EBF-B79F728F6A97", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.601:*:*:*:*:*:*:*", "matchCriteriaId": "3FE097FC-A525-4599-9FDA-1A011EECE767", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.602:*:*:*:*:*:*:*", "matchCriteriaId": "9FF51B0D-E020-491D-92A9-D2A01A7417AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.603:*:*:*:*:*:*:*", "matchCriteriaId": "F8692341-8DF2-4943-853A-4AAF1F313914", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.604:*:*:*:*:*:*:*", "matchCriteriaId": "75197306-53DB-4C94-959B-C46D3FB1F42B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.605:*:*:*:*:*:*:*", "matchCriteriaId": "D0C5C91C-C1C5-457D-9E09-24C7CACCC280", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.606:*:*:*:*:*:*:*", "matchCriteriaId": "6EB88C92-4F62-471A-8C10-C13C890E764F", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.607:*:*:*:*:*:*:*", "matchCriteriaId": "5585DC36-C65F-4FCA-B26F-E4A7901863E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.608:*:*:*:*:*:*:*", "matchCriteriaId": "2C7DD56C-66F7-421C-B211-07C7856112C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.609:*:*:*:*:*:*:*", "matchCriteriaId": "8E14B108-228D-454F-AF16-9D9086E4C10B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.610:*:*:*:*:*:*:*", "matchCriteriaId": "04C91C45-9A96-4E69-8A0A-D619AB45BC08", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.611:*:*:*:*:*:*:*", "matchCriteriaId": "5F7C68F4-9ECD-41A9-B4AE-48F028841428", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.612:*:*:*:*:*:*:*", "matchCriteriaId": 
"28B75E28-08DE-4CA2-A60B-FB2F61AEC5BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.613:*:*:*:*:*:*:*", "matchCriteriaId": "B9AA824A-CEE6-460B-A668-92FC3A822305", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.614:*:*:*:*:*:*:*", "matchCriteriaId": "6A51FBB3-42CE-40E1-A15D-ADDFBF8E203D", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.615:*:*:*:*:*:*:*", "matchCriteriaId": "BEAC1FD5-ECD1-480C-827E-F1AE8484C4EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.615a:*:*:*:*:*:*:*", "matchCriteriaId": "D17F613A-6BE1-4B45-8E40-8E44E0EEA756", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.616:*:*:*:*:*:*:*", "matchCriteriaId": "B5CB33E9-9AB8-482A-A196-768A2085A49C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.617:*:*:*:*:*:*:*", "matchCriteriaId": "12BD5CAD-0EB8-48F2-AF80-510584A83446", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6171:*:*:*:*:*:*:*", "matchCriteriaId": "AD8CD2A8-C8E8-4A5F-8355-6DF45C9DF45C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6172:*:*:*:*:*:*:*", "matchCriteriaId": "92E294FE-F0A2-45FC-BB67-D988DD89D2AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6173:*:*:*:*:*:*:*", "matchCriteriaId": "9640315B-7F04-4F5A-B213-8FAF509DFF01", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6174:*:*:*:*:*:*:*", "matchCriteriaId": "CA89549A-6CD7-4DDB-A8C8-ADF103F6CDFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6175:*:*:*:*:*:*:*", "matchCriteriaId": "DF75A192-81C1-4F58-A660-7EFE4F33E58B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "4189588A-A887-4D27-B3A0-48A3DBBD5E67", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:5.3:beta:*:*:*:*:*:*", "matchCriteriaId": "52377D39-0F95-4A5D-B66D-16799B8C1EAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:5.3:beta2:*:*:*:*:*:*", "matchCriteriaId": "29CC64E2-6F73-457C-8991-4F10FDEFCC54", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:e107:e107:5.04:*:*:*:*:*:*:*", "matchCriteriaId": "DFD219A3-4958-4EA9-A914-37D4F0A8A24D", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:5.4:beta1:*:*:*:*:*:*", "matchCriteriaId": "3E216628-73CE-4DBD-9FAA-09E3257B8FFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:5.4:beta2:*:*:*:*:*:*", "matchCriteriaId": "75F8EBAC-E898-44AD-9181-D9749D341196", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:5.4:beta3:*:*:*:*:*:*", "matchCriteriaId": "FCD9C5D8-3C8C-4892-8FD9-9099E8F410FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:5.4:beta4:*:*:*:*:*:*", "matchCriteriaId": "F3E4FBC2-C2B3-4D94-BDC0-1CC978186DE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:5.4:beta5:*:*:*:*:*:*", "matchCriteriaId": "B7F61370-FA58-499A-9BB2-ACA95342ED49", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:5.4:beta6:*:*:*:*:*:*", "matchCriteriaId": "5519E330-9BD1-42D7-A94E-3B81113404BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:5.05:*:*:*:*:*:*:*", "matchCriteriaId": "590FE150-07AF-4E25-B8F8-D0E8500D73B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:5.21:*:*:*:*:*:*:*", "matchCriteriaId": "F515DEBF-B55A-4B42-8E1F-AB9A2C3DD8DF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unrestricted file upload vulnerability in e107 before 0.7.20 allows remote authenticated users to execute arbitrary code by uploading a .php.filetypesphp file. NOTE: the vendor disputes the significance of this issue, noting that \"an odd set of preferences and a missing file\" are required." }, { "lang": "es", "value": "Vulnerabilidad de subida de fichero sin restricciones en e107 en versiones anteriores a la v0.7.20. Permite a usuarios remotos autenticados ejecutar comandos de su elecci\u00f3n subiendo un fichero .php.filetypesphp. 
NOTA: el fabricante cuestiona la importancia de esta vulnerabilidad, arguyendo que se necesita \"un conjunto poco com\u00fan de preferencias y un fichero perdido\"." } ], "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/434.html\r\n\r\n\u0027CWE-434: Unrestricted Upload of File with Dangerous Type\u0027", "id": "CVE-2010-0996", "lastModified": "2024-11-21T01:13:22.623", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-04-20T16:30:00.460", "references": [ { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://e107.org/comment.php?comment.news.864" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://e107.org/svn_changelog.php?version=0.7.20" }, { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/39013" }, { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/secunia_research/2010-44/" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.securityfocus.com/archive/1/510805/100/0/threaded" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.securityfocus.com/bid/39540" }, { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0919" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57932" 
}, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://e107.org/comment.php?comment.news.864" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://e107.org/svn_changelog.php?version=0.7.20" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/39013" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/secunia_research/2010-44/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/510805/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/39540" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0919" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57932" } ], "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-05-29 04:00
Modified
2024-11-20 23:52
Severity ?
Summary
PHP remote file inclusion vulnerability in secure_img_render.php in e107 0.615 allows remote attackers to execute arbitrary PHP code by modifying the p parameter to reference a URL on a remote web server that contains the code.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:0.6_15:*:*:*:*:*:*:*", "matchCriteriaId": "061B1AF2-2BA7-49CB-9F8B-91BF5D5B0BF3", "vulnerable": false }, { "criteria": "cpe:2.3:a:e107:e107:0.6_15a:*:*:*:*:*:*:*", "matchCriteriaId": "4F77F5E4-8636-41F5-9A80-055CC0FC0346", "vulnerable": false } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "PHP remote file inclusion vulnerability in secure_img_render.php in e107 0.615 allows remote attackers to execute arbitrary PHP code by modifying the p parameter to reference a URL on a remote web server that contains the code." } ], "id": "CVE-2004-2041", "lastModified": "2024-11-20T23:52:21.530", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-05-29T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=108588043007224\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=full-disclosure\u0026m=108586723116427\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/11740" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.osvdb.org/6530" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/10436" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": 
"http://www.waraxe.us/index.php?modname=sa\u0026id=31" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16282" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=108588043007224\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=full-disclosure\u0026m=108586723116427\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/11740" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.osvdb.org/6530" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/10436" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.waraxe.us/index.php?modname=sa\u0026id=31" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16282" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-01-04 19:55
Modified
2024-11-21 01:33
Severity ?
Summary
SQL injection vulnerability in usersettings.php in e107 0.7.26, and possibly other versions before 1.0.0, allows remote attackers to execute arbitrary SQL commands via the username parameter.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:0.7.26:*:*:*:*:*:*:*", "matchCriteriaId": "4C218B8E-ED52-4F5B-A3FC-CEB3FF8D11DD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in usersettings.php in e107 0.7.26, and possibly other versions before 1.0.0, allows remote attackers to execute arbitrary SQL commands via the username parameter." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en usersettings.php en e107 v0.7.26 y posiblemente otras versiones anteriores a 1.0.0, permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro username." } ], "id": "CVE-2011-4921", "lastModified": "2024-11-21T01:33:18.237", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-01-04T19:55:02.193", "references": [ { "source": "secalert@redhat.com", "url": "http://osvdb.org/78050" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/46706" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/01/04/3" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/51253" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72011" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://osvdb.org/78050" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/46706" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/01/04/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/51253" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72011" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-05-29 04:00
Modified
2024-11-20 23:52
Severity ?
Summary
e107 0.615 allows remote attackers to obtain sensitive information via a direct request to (1) alt_news.php, (2) backend_menu.php, (3) clock_menu.php, (4) counter_menu.php, (5) login_menu.php, and other files, which reveal the full path in a PHP error message.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:0.6_15:*:*:*:*:*:*:*", "matchCriteriaId": "061B1AF2-2BA7-49CB-9F8B-91BF5D5B0BF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_15a:*:*:*:*:*:*:*", "matchCriteriaId": "4F77F5E4-8636-41F5-9A80-055CC0FC0346", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "e107 0.615 allows remote attackers to obtain sensitive information via a direct request to (1) alt_news.php, (2) backend_menu.php, (3) clock_menu.php, (4) counter_menu.php, (5) login_menu.php, and other files, which reveal the full path in a PHP error message." } ], "id": "CVE-2004-2039", "lastModified": "2024-11-20T23:52:21.210", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-05-29T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=108588043007224\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=full-disclosure\u0026m=108586723116427\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/11740" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.osvdb.org/6525" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/10436" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor 
Advisory" ], "url": "http://www.waraxe.us/index.php?modname=sa\u0026id=31" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16277" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=108588043007224\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=full-disclosure\u0026m=108586723116427\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/11740" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.osvdb.org/6525" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/10436" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.waraxe.us/index.php?modname=sa\u0026id=31" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16277" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-11-04 21:55
Modified
2024-11-21 01:26
Summary
Static code injection vulnerability in install_.php in e107 CMS 0.7.24 and probably earlier versions, when the installation script is not removed, allows remote attackers to inject arbitrary PHP code into e107_config.php via a crafted MySQL server name.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
e107 | e107 | * | |
e107 | e107 | 0.7 | |
e107 | e107 | 0.7.0 | |
e107 | e107 | 0.7.1 | |
e107 | e107 | 0.7.2 | |
e107 | e107 | 0.7.3 | |
e107 | e107 | 0.7.4 | |
e107 | e107 | 0.7.5 | |
e107 | e107 | 0.7.6 | |
e107 | e107 | 0.7.7 | |
e107 | e107 | 0.7.8 | |
e107 | e107 | 0.7.9 | |
e107 | e107 | 0.7.10 | |
e107 | e107 | 0.7.11 | |
e107 | e107 | 0.7.12 | |
e107 | e107 | 0.7.13 | |
e107 | e107 | 0.7.14 | |
e107 | e107 | 0.7.15 | |
e107 | e107 | 0.7.16 | |
e107 | e107 | 0.7.17 | |
e107 | e107 | 0.7.18 | |
e107 | e107 | 0.7.19 | |
e107 | e107 | 0.7.20 | |
e107 | e107 | 0.7.21 | |
e107 | e107 | 0.7.22 | |
e107 | e107 | 0.545 | |
e107 | e107 | 0.547 | |
e107 | e107 | 0.548 | |
e107 | e107 | 0.549 | |
e107 | e107 | 0.551 | |
e107 | e107 | 0.552 | |
e107 | e107 | 0.553 | |
e107 | e107 | 0.554 | |
e107 | e107 | 0.554 | |
e107 | e107 | 0.555 | |
e107 | e107 | 0.600 | |
e107 | e107 | 0.601 | |
e107 | e107 | 0.602 | |
e107 | e107 | 0.603 | |
e107 | e107 | 0.604 | |
e107 | e107 | 0.605 | |
e107 | e107 | 0.606 | |
e107 | e107 | 0.607 | |
e107 | e107 | 0.608 | |
e107 | e107 | 0.609 | |
e107 | e107 | 0.610 | |
e107 | e107 | 0.611 | |
e107 | e107 | 0.612 | |
e107 | e107 | 0.613 | |
e107 | e107 | 0.614 | |
e107 | e107 | 0.615 | |
e107 | e107 | 0.615a | |
e107 | e107 | 0.616 | |
e107 | e107 | 0.617 | |
e107 | e107 | 0.6171 | |
e107 | e107 | 0.6172 | |
e107 | e107 | 0.6173 | |
e107 | e107 | 0.6174 | |
e107 | e107 | 0.6175 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:*:*:*:*:*:*:*:*", "matchCriteriaId": "2DC38566-37E2-4BA6-9774-1D728633145D", "versionEndIncluding": "0.7.24", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "70AB914E-D616-45D2-A451-1C247B8B6E4C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "CA5B2762-4A7C-45EE-8A1B-0E7939978321", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "CA03C1AC-97EA-47ED-9558-A7CA48420AB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "32695A82-B042-46B7-9CB4-20F3446E0C9E", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "6716A040-0CBE-4402-AB2A-1621B1240B0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "81627355-AB45-4D47-8DD2-4087E6971EF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "D2DAAA4F-B893-4914-8538-E68DDA211225", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B649DDC6-EEE6-47E1-A69A-831E5C2DD58C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "2FEEC90E-8640-4786-B014-CAD83EC4F2E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "E29B9B12-4C94-4A8D-B407-2D288502EFE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.9:*:*:*:*:*:*:*", "matchCriteriaId": "C5CAADA1-1FBB-4983-A942-FC4490CE8D8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.10:*:*:*:*:*:*:*", "matchCriteriaId": "B4D7C699-0E92-4D9C-9D8F-87C39A28ACCD", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.11:*:*:*:*:*:*:*", "matchCriteriaId": "5C62F8AD-EA30-441E-B97F-EF8DE640DC1B", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.12:*:*:*:*:*:*:*", "matchCriteriaId": "F96C30A8-7E56-4806-B8D7-851D75B08738", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.13:*:*:*:*:*:*:*", "matchCriteriaId": "F1C22711-AEC4-438F-9B37-64D36B0BDFC9", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.14:*:*:*:*:*:*:*", "matchCriteriaId": "5E2AA435-E5FC-4555-B582-5C6FFC99327B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.15:*:*:*:*:*:*:*", "matchCriteriaId": "7A81364B-FB65-4591-ACA3-9D5991F0C30C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.16:*:*:*:*:*:*:*", "matchCriteriaId": "069F5C7C-F549-4B92-A1EA-6310CCF64334", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.17:*:*:*:*:*:*:*", "matchCriteriaId": "46EF46A3-7197-4C00-8298-9B938B6EE97B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.18:*:*:*:*:*:*:*", "matchCriteriaId": "B242DBD4-299A-49BC-B399-6C48E04D10DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.19:*:*:*:*:*:*:*", "matchCriteriaId": "756D821D-63CA-4DCC-8335-679290C197BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.20:*:*:*:*:*:*:*", "matchCriteriaId": "FFAB4C3E-EE6F-4603-A829-25138966CADF", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.21:*:*:*:*:*:*:*", "matchCriteriaId": "56459690-0C9E-4049-A20A-E17152913065", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.22:*:*:*:*:*:*:*", "matchCriteriaId": "E15C0202-89BE-44EE-AD44-B3AF8A41671C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.545:*:*:*:*:*:*:*", "matchCriteriaId": "8DDD8B3B-8580-4624-8D77-E3FD97DFF4A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.547:beta:*:*:*:*:*:*", "matchCriteriaId": "EF6E08F0-004C-4A00-861D-72A9082C3F41", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.548:beta:*:*:*:*:*:*", "matchCriteriaId": "CBF301C0-0DEF-4922-85BF-66BF6192A745", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:e107:e107:0.549:beta:*:*:*:*:*:*", "matchCriteriaId": "4805886F-099B-4808-A2FF-0A0B77CD566D", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.551:beta:*:*:*:*:*:*", "matchCriteriaId": "984B6A2B-F9D5-48AB-8B57-DD62B200C441", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.552:beta:*:*:*:*:*:*", "matchCriteriaId": "45D6F945-96D1-42A1-AE66-3D7988DE9A15", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.553:beta:*:*:*:*:*:*", "matchCriteriaId": "3065526A-4DDE-4F7F-97C5-2E0F3D0D106B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.554:*:*:*:*:*:*:*", "matchCriteriaId": "6454D949-83A2-4F69-92E1-BBCD84F21BC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.554:beta:*:*:*:*:*:*", "matchCriteriaId": "27ABDE74-B886-47A6-909B-7EA428260FAD", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.555:beta:*:*:*:*:*:*", "matchCriteriaId": "DC65CB58-4F17-4F8D-9682-9D6C1B33F39D", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.600:*:*:*:*:*:*:*", "matchCriteriaId": "7E80F85C-61AD-49C0-9EBF-B79F728F6A97", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.601:*:*:*:*:*:*:*", "matchCriteriaId": "3FE097FC-A525-4599-9FDA-1A011EECE767", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.602:*:*:*:*:*:*:*", "matchCriteriaId": "9FF51B0D-E020-491D-92A9-D2A01A7417AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.603:*:*:*:*:*:*:*", "matchCriteriaId": "F8692341-8DF2-4943-853A-4AAF1F313914", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.604:*:*:*:*:*:*:*", "matchCriteriaId": "75197306-53DB-4C94-959B-C46D3FB1F42B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.605:*:*:*:*:*:*:*", "matchCriteriaId": "D0C5C91C-C1C5-457D-9E09-24C7CACCC280", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.606:*:*:*:*:*:*:*", "matchCriteriaId": "6EB88C92-4F62-471A-8C10-C13C890E764F", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.607:*:*:*:*:*:*:*", 
"matchCriteriaId": "5585DC36-C65F-4FCA-B26F-E4A7901863E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.608:*:*:*:*:*:*:*", "matchCriteriaId": "2C7DD56C-66F7-421C-B211-07C7856112C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.609:*:*:*:*:*:*:*", "matchCriteriaId": "8E14B108-228D-454F-AF16-9D9086E4C10B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.610:*:*:*:*:*:*:*", "matchCriteriaId": "04C91C45-9A96-4E69-8A0A-D619AB45BC08", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.611:*:*:*:*:*:*:*", "matchCriteriaId": "5F7C68F4-9ECD-41A9-B4AE-48F028841428", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.612:*:*:*:*:*:*:*", "matchCriteriaId": "28B75E28-08DE-4CA2-A60B-FB2F61AEC5BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.613:*:*:*:*:*:*:*", "matchCriteriaId": "B9AA824A-CEE6-460B-A668-92FC3A822305", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.614:*:*:*:*:*:*:*", "matchCriteriaId": "6A51FBB3-42CE-40E1-A15D-ADDFBF8E203D", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.615:*:*:*:*:*:*:*", "matchCriteriaId": "BEAC1FD5-ECD1-480C-827E-F1AE8484C4EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.615a:*:*:*:*:*:*:*", "matchCriteriaId": "D17F613A-6BE1-4B45-8E40-8E44E0EEA756", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.616:*:*:*:*:*:*:*", "matchCriteriaId": "B5CB33E9-9AB8-482A-A196-768A2085A49C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.617:*:*:*:*:*:*:*", "matchCriteriaId": "12BD5CAD-0EB8-48F2-AF80-510584A83446", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6171:*:*:*:*:*:*:*", "matchCriteriaId": "AD8CD2A8-C8E8-4A5F-8355-6DF45C9DF45C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6172:*:*:*:*:*:*:*", "matchCriteriaId": "92E294FE-F0A2-45FC-BB67-D988DD89D2AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6173:*:*:*:*:*:*:*", "matchCriteriaId": "9640315B-7F04-4F5A-B213-8FAF509DFF01", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6174:*:*:*:*:*:*:*", "matchCriteriaId": "CA89549A-6CD7-4DDB-A8C8-ADF103F6CDFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6175:*:*:*:*:*:*:*", "matchCriteriaId": "DF75A192-81C1-4F58-A660-7EFE4F33E58B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Static code injection vulnerability in install_.php in e107 CMS 0.7.24 and probably earlier versions, when the installation script is not removed, allows remote attackers to inject arbitrary PHP code into e107_config.php via a crafted MySQL server name." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n de c\u00f3digo est\u00e1tico en install_.php en e107 CMS v0.7.24 y probablemente tambi\u00e9n en versiones anteriores, cuando el script de instalaci\u00f3n no se elimina, permite a atacantes remotos inyectar c\u00f3digo PHP de su elecci\u00f3n en e107_config.php a trav\u00e9s de un nombre de servidor MySQL modificado." 
} ], "id": "CVE-2011-1513", "lastModified": "2024-11-21T01:26:29.063", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-11-04T21:55:01.473", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.8/install_.php?r1=11931\u0026r2=12376\u0026pathrev=12376" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "http://www.coresecurity.com/content/e107-cms-script-command-injection" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/50339" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70921" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.8/install_.php?r1=11931\u0026r2=12376\u0026pathrev=12376" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.coresecurity.com/content/e107-cms-script-command-injection" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/50339" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70921" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-78" } ], "source": 
"nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-04-20 16:30
Modified
2024-11-21 01:13
Summary
Cross-site scripting (XSS) vulnerability in 107_plugins/content/content_manager.php in the Content Management plugin in e107 before 0.7.20, when the personal content manager is enabled, allows user-assisted remote authenticated users to inject arbitrary web script or HTML via the content_heading parameter.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
e107 | e107 | * | |
e107 | e107 | 0.7.0 | |
e107 | e107 | 0.7.1 | |
e107 | e107 | 0.7.2 | |
e107 | e107 | 0.7.3 | |
e107 | e107 | 0.7.4 | |
e107 | e107 | 0.7.5 | |
e107 | e107 | 0.7.6 | |
e107 | e107 | 0.7.7 | |
e107 | e107 | 0.7.8 | |
e107 | e107 | 0.7.9 | |
e107 | e107 | 0.7.10 | |
e107 | e107 | 0.7.11 | |
e107 | e107 | 0.7.12 | |
e107 | e107 | 0.7.13 | |
e107 | e107 | 0.7.14 | |
e107 | e107 | 0.7.15 | |
e107 | e107 | 0.7.16 | |
e107 | e107 | 0.7.17 | |
e107 | e107 | 0.7.18 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:*:*:*:*:*:*:*:*", "matchCriteriaId": "0521F172-C4F7-4054-AA27-A8C5946C7F19", "versionEndIncluding": "0.7.19", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "CA5B2762-4A7C-45EE-8A1B-0E7939978321", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "CA03C1AC-97EA-47ED-9558-A7CA48420AB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "32695A82-B042-46B7-9CB4-20F3446E0C9E", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "6716A040-0CBE-4402-AB2A-1621B1240B0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "81627355-AB45-4D47-8DD2-4087E6971EF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "D2DAAA4F-B893-4914-8538-E68DDA211225", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B649DDC6-EEE6-47E1-A69A-831E5C2DD58C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "2FEEC90E-8640-4786-B014-CAD83EC4F2E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "E29B9B12-4C94-4A8D-B407-2D288502EFE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.9:*:*:*:*:*:*:*", "matchCriteriaId": "C5CAADA1-1FBB-4983-A942-FC4490CE8D8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.10:*:*:*:*:*:*:*", "matchCriteriaId": "B4D7C699-0E92-4D9C-9D8F-87C39A28ACCD", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.11:*:*:*:*:*:*:*", "matchCriteriaId": "5C62F8AD-EA30-441E-B97F-EF8DE640DC1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.12:*:*:*:*:*:*:*", "matchCriteriaId": "F96C30A8-7E56-4806-B8D7-851D75B08738", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.13:*:*:*:*:*:*:*", "matchCriteriaId": "F1C22711-AEC4-438F-9B37-64D36B0BDFC9", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.14:*:*:*:*:*:*:*", "matchCriteriaId": "5E2AA435-E5FC-4555-B582-5C6FFC99327B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.15:*:*:*:*:*:*:*", "matchCriteriaId": "7A81364B-FB65-4591-ACA3-9D5991F0C30C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.16:*:*:*:*:*:*:*", "matchCriteriaId": "069F5C7C-F549-4B92-A1EA-6310CCF64334", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.17:*:*:*:*:*:*:*", "matchCriteriaId": "46EF46A3-7197-4C00-8298-9B938B6EE97B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.18:*:*:*:*:*:*:*", "matchCriteriaId": "B242DBD4-299A-49BC-B399-6C48E04D10DA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in 107_plugins/content/content_manager.php in the Content Management plugin in e107 before 0.7.20, when the personal content manager is enabled, allows user-assisted remote authenticated users to inject arbitrary web script or HTML via the content_heading parameter." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados en 107_plugins/content/content_manager.php en el complemento -plugin- Content Management de e107 anterior a v0.7.20, cuando el gestor de contenido personal est\u00e1 habilitado, permite a usuarios autenticados en remoto asistidos por usuarios locales inyectar secuencias de comandos Web o HTML mediante el par\u00e1metro content_heading." 
} ], "id": "CVE-2010-0997", "lastModified": "2024-11-21T01:13:22.740", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2010-04-20T16:30:00.507", "references": [ { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Patch" ], "url": "http://e107.org/comment.php?comment.news.864" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://e107.org/svn_changelog.php?version=0.7.20" }, { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/39013" }, { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/secunia_research/2010-43/" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.securityfocus.com/archive/1/510809/100/0/threaded" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.securityfocus.com/bid/39539" }, { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0919" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57933" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://e107.org/comment.php?comment.news.864" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://e107.org/svn_changelog.php?version=0.7.20" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"http://secunia.com/advisories/39013" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/secunia_research/2010-43/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/510809/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/39539" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0919" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57933" } ], "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-09-13 23:07
Modified
2024-11-21 00:16
Summary
Multiple SQL injection vulnerabilities in the admin section in e107 0.7.5 allow remote authenticated administrative users to execute arbitrary SQL commands via the (1) linkopentype, (2) linkrender, (3) link_class, and (4) link_id parameters in (a) links.php; the (5) searchquery parameter in (b) users.php; and the (6) download_category_class parameter in (c) download.php. NOTE: an e107 developer has disputed the significance of the vulnerability, stating that "If your admins are injecting you, you might want to reconsider their access."
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
e107 | e107 | * | |
e107 | e107 | 0.6_10 | |
e107 | e107 | 0.6_11 | |
e107 | e107 | 0.6_12 | |
e107 | e107 | 0.6_13 | |
e107 | e107 | 0.6_14 | |
e107 | e107 | 0.6_15 | |
e107 | e107 | 0.6_15a | |
e107 | e107 | 0.7 | |
e107 | e107 | 0.7.1 | |
e107 | e107 | 0.7.2 | |
e107 | e107 | 0.7.3 | |
e107 | e107 | 0.7.4 | |
e107 | e107 | 0.545 | |
e107 | e107 | 0.547_beta | |
e107 | e107 | 0.548_beta | |
e107 | e107 | 0.549_beta | |
e107 | e107 | 0.551_beta | |
e107 | e107 | 0.552_beta | |
e107 | e107 | 0.553_beta | |
e107 | e107 | 0.554 | |
e107 | e107 | 0.554_beta | |
e107 | e107 | 0.555_beta | |
e107 | e107 | 0.600 | |
e107 | e107 | 0.601 | |
e107 | e107 | 0.602 | |
e107 | e107 | 0.603 | |
e107 | e107 | 0.604 | |
e107 | e107 | 0.605 | |
e107 | e107 | 0.606 | |
e107 | e107 | 0.607 | |
e107 | e107 | 0.608 | |
e107 | e107 | 0.609 | |
e107 | e107 | 0.610 | |
e107 | e107 | 0.611 | |
e107 | e107 | 0.612 | |
e107 | e107 | 0.613 | |
e107 | e107 | 0.614 | |
e107 | e107 | 0.615 | |
e107 | e107 | 0.615a | |
e107 | e107 | 0.616 | |
e107 | e107 | 0.617 | |
e107 | e107 | 0.6171 | |
e107 | e107 | 0.6172 | |
e107 | e107 | 0.6173 | |
e107 | e107 | 0.6174 | |
e107 | e107 | 0.6175 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:*:*:*:*:*:*:*:*", "matchCriteriaId": "453D7323-69AA-4283-8C6A-70A03624139A", "versionEndIncluding": "0.7.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_10:*:*:*:*:*:*:*", "matchCriteriaId": "18C34EB0-7685-4346-81A2-371C1F19F6AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_11:*:*:*:*:*:*:*", "matchCriteriaId": "AB26A2A4-B0DE-4130-AA5F-76D5394A0614", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_12:*:*:*:*:*:*:*", "matchCriteriaId": "90909932-AD39-4648-8621-5866F0C4AB12", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_13:*:*:*:*:*:*:*", "matchCriteriaId": "37F208E9-3C39-4D00-B1E0-5CD0B315E740", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_14:*:*:*:*:*:*:*", "matchCriteriaId": "27C7402F-54C9-4FDA-B181-85941DDC7010", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_15:*:*:*:*:*:*:*", "matchCriteriaId": "061B1AF2-2BA7-49CB-9F8B-91BF5D5B0BF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_15a:*:*:*:*:*:*:*", "matchCriteriaId": "4F77F5E4-8636-41F5-9A80-055CC0FC0346", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "70AB914E-D616-45D2-A451-1C247B8B6E4C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "CA03C1AC-97EA-47ED-9558-A7CA48420AB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "32695A82-B042-46B7-9CB4-20F3446E0C9E", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "6716A040-0CBE-4402-AB2A-1621B1240B0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "81627355-AB45-4D47-8DD2-4087E6971EF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.545:*:*:*:*:*:*:*", "matchCriteriaId": "8DDD8B3B-8580-4624-8D77-E3FD97DFF4A6", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.547_beta:*:*:*:*:*:*:*", "matchCriteriaId": "437C4251-886C-4E94-B7F6-AE34A0142A76", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.548_beta:*:*:*:*:*:*:*", "matchCriteriaId": "761D4EE9-0D54-4370-BCBC-3C23481C127B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.549_beta:*:*:*:*:*:*:*", "matchCriteriaId": "E11E3F9E-708E-44CB-8FD2-E4961028B732", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.551_beta:*:*:*:*:*:*:*", "matchCriteriaId": "8F38EB42-437C-4381-B36A-FD3DB78E724E", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.552_beta:*:*:*:*:*:*:*", "matchCriteriaId": "ECC957BA-D96C-41B7-9BD4-2ECD37C9C924", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.553_beta:*:*:*:*:*:*:*", "matchCriteriaId": "1E9E9AC1-5ECD-448F-B72A-1CE8228C2C22", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.554:*:*:*:*:*:*:*", "matchCriteriaId": "6454D949-83A2-4F69-92E1-BBCD84F21BC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.554_beta:*:*:*:*:*:*:*", "matchCriteriaId": "0FC4B3A4-2563-4C06-A484-5C02CD8F7408", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.555_beta:*:*:*:*:*:*:*", "matchCriteriaId": "CC274184-AD8E-4BC2-BC6A-4E64F354BFFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.600:*:*:*:*:*:*:*", "matchCriteriaId": "7E80F85C-61AD-49C0-9EBF-B79F728F6A97", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.601:*:*:*:*:*:*:*", "matchCriteriaId": "3FE097FC-A525-4599-9FDA-1A011EECE767", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.602:*:*:*:*:*:*:*", "matchCriteriaId": "9FF51B0D-E020-491D-92A9-D2A01A7417AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.603:*:*:*:*:*:*:*", "matchCriteriaId": "F8692341-8DF2-4943-853A-4AAF1F313914", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.604:*:*:*:*:*:*:*", "matchCriteriaId": "75197306-53DB-4C94-959B-C46D3FB1F42B", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:e107:e107:0.605:*:*:*:*:*:*:*", "matchCriteriaId": "D0C5C91C-C1C5-457D-9E09-24C7CACCC280", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.606:*:*:*:*:*:*:*", "matchCriteriaId": "6EB88C92-4F62-471A-8C10-C13C890E764F", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.607:*:*:*:*:*:*:*", "matchCriteriaId": "5585DC36-C65F-4FCA-B26F-E4A7901863E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.608:*:*:*:*:*:*:*", "matchCriteriaId": "2C7DD56C-66F7-421C-B211-07C7856112C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.609:*:*:*:*:*:*:*", "matchCriteriaId": "8E14B108-228D-454F-AF16-9D9086E4C10B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.610:*:*:*:*:*:*:*", "matchCriteriaId": "04C91C45-9A96-4E69-8A0A-D619AB45BC08", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.611:*:*:*:*:*:*:*", "matchCriteriaId": "5F7C68F4-9ECD-41A9-B4AE-48F028841428", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.612:*:*:*:*:*:*:*", "matchCriteriaId": "28B75E28-08DE-4CA2-A60B-FB2F61AEC5BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.613:*:*:*:*:*:*:*", "matchCriteriaId": "B9AA824A-CEE6-460B-A668-92FC3A822305", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.614:*:*:*:*:*:*:*", "matchCriteriaId": "6A51FBB3-42CE-40E1-A15D-ADDFBF8E203D", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.615:*:*:*:*:*:*:*", "matchCriteriaId": "BEAC1FD5-ECD1-480C-827E-F1AE8484C4EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.615a:*:*:*:*:*:*:*", "matchCriteriaId": "D17F613A-6BE1-4B45-8E40-8E44E0EEA756", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.616:*:*:*:*:*:*:*", "matchCriteriaId": "B5CB33E9-9AB8-482A-A196-768A2085A49C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.617:*:*:*:*:*:*:*", "matchCriteriaId": "12BD5CAD-0EB8-48F2-AF80-510584A83446", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6171:*:*:*:*:*:*:*", 
"matchCriteriaId": "AD8CD2A8-C8E8-4A5F-8355-6DF45C9DF45C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6172:*:*:*:*:*:*:*", "matchCriteriaId": "92E294FE-F0A2-45FC-BB67-D988DD89D2AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6173:*:*:*:*:*:*:*", "matchCriteriaId": "9640315B-7F04-4F5A-B213-8FAF509DFF01", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6174:*:*:*:*:*:*:*", "matchCriteriaId": "CA89549A-6CD7-4DDB-A8C8-ADF103F6CDFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6175:*:*:*:*:*:*:*", "matchCriteriaId": "DF75A192-81C1-4F58-A660-7EFE4F33E58B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple SQL injection vulnerabilities in the admin section in e107 0.7.5 allow remote authenticated administrative users to execute arbitrary SQL commands via the (1) linkopentype, (2) linkrender, (3) link_class, and (4) link_id parameters in (a) links.php; the (5) searchquery parameter in (b) users.php; and the (6) download_category_class parameter in (c) download.php. NOTE: an e107 developer has disputed the significance of the vulnerability, stating that \"If your admins are injecting you, you might want to reconsider their access.\"" }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en la secci\u00f3n admin de e107 0.7.5 permite a los usuarios remotos validados ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de los par\u00e1metros (1) linkopentype, (2) linkrender, (3) link_class, y (4) link_id en (a) links.php; el par\u00e1metro searchquery(5) en (b) users.php; y el par\u00e1metro (6) download_category_class en (c) download.php. NOTA: el desarrollador e107 ha discutido sobre el significado de la vulnerabilidad, indicando que \u201csi tus administradores te est\u00e1n inyectando, t\u00fa deber\u00edas de reconsiderar su acceso\"." 
} ], "evaluatorSolution": "Successful exploitation requires that the attacker have Administrative rights.", "id": "CVE-2006-4757", "lastModified": "2024-11-21T00:16:41.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-09-13T23:07:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://e107.org/e107_plugins/bugtrack/bugtrack.php?id=3195\u0026action=show" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1569" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/445005/100/100/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://e107.org/e107_plugins/bugtrack/bugtrack.php?id=3195\u0026action=show" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/1569" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/445005/100/100/threaded" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-03-02 19:15
Modified
2024-11-21 05:58
Severity ?
Summary
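usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protection mechanism. The record classifies the weakness as cross-site request forgery (CWE-352), and its CVSS 3.1 vector requires user interaction (UI:R).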
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://packetstormsecurity.com/files/161651/e107-CMS-2.3.0-Cross-Site-Request-Forgery.html | Third Party Advisory | |
cve@mitre.org | https://github.com/e107inc/e107/commit/d9efdb9b5f424b4996c276e754a380a5e251f472 | Patch, Third Party Advisory | |
cve@mitre.org | https://github.com/e107inc/e107/releases | Release Notes, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/161651/e107-CMS-2.3.0-Cross-Site-Request-Forgery.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/e107inc/e107/commit/d9efdb9b5f424b4996c276e754a380a5e251f472 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/e107inc/e107/releases | Release Notes, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:*:*:*:*:*:*:*:*", "matchCriteriaId": "A949387D-E5D5-4F96-93E5-F53496F7D159", "versionEndIncluding": "2.3.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protection mechanism." }, { "lang": "es", "value": "El archivo usersettings.php en e107 hasta la versi\u00f3n 2.3.0, carece de cierto mecanismo de protecci\u00f3n e_TOKEN" } ], "id": "CVE-2021-27885", "lastModified": "2024-11-21T05:58:41.690", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-03-02T19:15:13.380", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://packetstormsecurity.com/files/161651/e107-CMS-2.3.0-Cross-Site-Request-Forgery.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], 
"url": "https://github.com/e107inc/e107/commit/d9efdb9b5f424b4996c276e754a380a5e251f472" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Third Party Advisory" ], "url": "https://github.com/e107inc/e107/releases" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://packetstormsecurity.com/files/161651/e107-CMS-2.3.0-Cross-Site-Request-Forgery.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/e107inc/e107/commit/d9efdb9b5f424b4996c276e754a380a5e251f472" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Third Party Advisory" ], "url": "https://github.com/e107inc/e107/releases" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-01-03 11:54
Modified
2024-11-21 01:46
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in e107_admin/newspost.php in e107 1.0.1 allows remote attackers to hijack the authentication of administrators for requests that conduct XSS attacks via the news_title parameter in a create action.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "F0DD84FB-8CF3-4FD4-AB18-DCD3FF3A2F5B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in e107_admin/newspost.php in e107 1.0.1 allows remote attackers to hijack the authentication of administrators for requests that conduct XSS attacks via the news_title parameter in a create action." }, { "lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en e107_admin/download.php en e107 v1.0.1 permite a atacantes remotos secuestrar la autenticaci\u00f3n de los administradores de las peticiones que realizan los ataques XSS a trav\u00e9s del par\u00e1metro news_title en una acci\u00f3n create." } ], "id": "CVE-2012-6433", "lastModified": "2024-11-21T01:46:07.000", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2013-01-03T11:54:26.527", "references": [ { "source": "cve@mitre.org", "url": "http://e107.org/changelog" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.7/e107_admin/newspost.php?sortdir=down\u0026r1=12622\u0026r2=12992\u0026sortby=rev" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.exploit-db.com/exploits/23828/" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://e107.org/changelog" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.7/e107_admin/newspost.php?sortdir=down\u0026r1=12622\u0026r2=12992\u0026sortby=rev" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.exploit-db.com/exploits/23828/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-02-11 17:30
Modified
2024-11-21 00:55
Severity ?
Summary
SQL injection vulnerability in product_details.php in the Mytipper Zogo-shop 1.15.4 plugin for e107 allows remote attackers to execute arbitrary SQL commands via the product parameter.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mytipper:zogo_shop:1.15.4:*:*:*:*:*:*:*", "matchCriteriaId": "348C7F00-D7B5-4D31-B2A4-C1EBA26162EF", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:*:*:*:*:*:*:*:*", "matchCriteriaId": "2ED52F96-48B9-4111-AAEB-4E9190114802", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in product_details.php in the Mytipper Zogo-shop 1.15.4 plugin for e107 allows remote attackers to execute arbitrary SQL commands via the product parameter." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en product_details.php en el complemento Mytipper Zogo-shop para e107, permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro \"product\"." } ], "id": "CVE-2008-6114", "lastModified": "2024-11-21T00:55:42.407", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-02-11T17:30:00.327", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/32795" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/32423" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46784" }, { "source": "cve@mitre.org", "url": 
"https://www.exploit-db.com/exploits/7184" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/32795" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/32423" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46784" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/7184" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-05-21 04:00
Modified
2024-11-20 23:52
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in user.php in e107 allows remote attackers to inject arbitrary web script or HTML via the (1) URL, (2) MSN, or (3) AIM fields.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:0.545:*:*:*:*:*:*:*", "matchCriteriaId": "8DDD8B3B-8580-4624-8D77-E3FD97DFF4A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.554:*:*:*:*:*:*:*", "matchCriteriaId": "6454D949-83A2-4F69-92E1-BBCD84F21BC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.555_beta:*:*:*:*:*:*:*", "matchCriteriaId": "CC274184-AD8E-4BC2-BC6A-4E64F354BFFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.603:*:*:*:*:*:*:*", "matchCriteriaId": "F8692341-8DF2-4943-853A-4AAF1F313914", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.610:*:*:*:*:*:*:*", "matchCriteriaId": "04C91C45-9A96-4E69-8A0A-D619AB45BC08", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.611:*:*:*:*:*:*:*", "matchCriteriaId": "5F7C68F4-9ECD-41A9-B4AE-48F028841428", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.612:*:*:*:*:*:*:*", "matchCriteriaId": "28B75E28-08DE-4CA2-A60B-FB2F61AEC5BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.613:*:*:*:*:*:*:*", "matchCriteriaId": "B9AA824A-CEE6-460B-A668-92FC3A822305", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.614:*:*:*:*:*:*:*", "matchCriteriaId": "6A51FBB3-42CE-40E1-A15D-ADDFBF8E203D", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.615:*:*:*:*:*:*:*", "matchCriteriaId": "BEAC1FD5-ECD1-480C-827E-F1AE8484C4EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.615a:*:*:*:*:*:*:*", "matchCriteriaId": "D17F613A-6BE1-4B45-8E40-8E44E0EEA756", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in user.php in e107 allows remote attackers to inject arbitrary web script or HTML via the (1) URL, (2) MSN, or (3) AIM fields." 
} ], "id": "CVE-2004-2031", "lastModified": "2024-11-20T23:52:20.077", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-05-21T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=108541119526279\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/11696" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.osvdb.org/6410" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/10405" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16241" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=108541119526279\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/11696" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.osvdb.org/6410" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/10405" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16241" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ 
{ "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:52
Severity ?
Summary
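Cross-site scripting (XSS) vulnerability in e107 allows remote attackers to inject arbitrary script or HTML via the "login name/author" field in the (1) news submit or (2) article submit functions. The summary names no version, and every e107 CPE entry in this record (0.545 through 0.614) is marked "vulnerable": false, so matching on vulnerable CPE entries may not flag an installation; check the affected versions against the referenced advisories.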
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:0.545:*:*:*:*:*:*:*", "matchCriteriaId": "8DDD8B3B-8580-4624-8D77-E3FD97DFF4A6", "vulnerable": false }, { "criteria": "cpe:2.3:a:e107:e107:0.554:*:*:*:*:*:*:*", "matchCriteriaId": "6454D949-83A2-4F69-92E1-BBCD84F21BC2", "vulnerable": false }, { "criteria": "cpe:2.3:a:e107:e107:0.555_beta:*:*:*:*:*:*:*", "matchCriteriaId": "CC274184-AD8E-4BC2-BC6A-4E64F354BFFD", "vulnerable": false }, { "criteria": "cpe:2.3:a:e107:e107:0.603:*:*:*:*:*:*:*", "matchCriteriaId": "F8692341-8DF2-4943-853A-4AAF1F313914", "vulnerable": false }, { "criteria": "cpe:2.3:a:e107:e107:0.610:*:*:*:*:*:*:*", "matchCriteriaId": "04C91C45-9A96-4E69-8A0A-D619AB45BC08", "vulnerable": false }, { "criteria": "cpe:2.3:a:e107:e107:0.611:*:*:*:*:*:*:*", "matchCriteriaId": "5F7C68F4-9ECD-41A9-B4AE-48F028841428", "vulnerable": false }, { "criteria": "cpe:2.3:a:e107:e107:0.612:*:*:*:*:*:*:*", "matchCriteriaId": "28B75E28-08DE-4CA2-A60B-FB2F61AEC5BA", "vulnerable": false }, { "criteria": "cpe:2.3:a:e107:e107:0.613:*:*:*:*:*:*:*", "matchCriteriaId": "B9AA824A-CEE6-460B-A668-92FC3A822305", "vulnerable": false }, { "criteria": "cpe:2.3:a:e107:e107:0.614:*:*:*:*:*:*:*", "matchCriteriaId": "6A51FBB3-42CE-40E1-A15D-ADDFBF8E203D", "vulnerable": false } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in e107 allows remote attackers to inject arbitrary script or HTML via the \"login name/author\" field in the (1) news submit or (2) article submit functions." 
} ], "id": "CVE-2004-2261", "lastModified": "2024-11-20T23:52:54.163", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/11567" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1010084" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.osvdb.org/5982" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/10293" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16087" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/11567" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1010084" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.osvdb.org/5982" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/10293" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16087" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-03-13 10:30
Modified
2024-11-21 00:56
Severity ?
Summary
SQL injection vulnerability in image_gallery.php in the Akira Powered Image Gallery (image_gallery) plugin 0.9.6.2 for e107 allows remote attackers to execute arbitrary SQL commands via the image parameter in an image-detail action.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
e107 | e107 | * | |
akirapowered | image_gallery | 0.9.6.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:*:*:*:*:*:*:*:*", "matchCriteriaId": "2ED52F96-48B9-4111-AAEB-4E9190114802", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:akirapowered:image_gallery:0.9.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "2E459A72-A3F7-4E93-B789-B2CC844999A3", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in image_gallery.php in the Akira Powered Image Gallery (image_gallery) plugin 0.9.6.2 for e107 allows remote attackers to execute arbitrary SQL commands via the image parameter in an image-detail action." }, { "lang": "es", "value": "Una vulnerabilidad de inyecci\u00f3n SQL en el archivo image_gallery.php en el plugin Image Gallery (image_gallery) de Akira Powered versi\u00f3n 0.9.6.2 para e107, permite a los atacantes remotos ejecutar comandos SQL arbitrarios por medio del par\u00e1metro image en una acci\u00f3n image-detail ." 
} ], "id": "CVE-2008-6466", "lastModified": "2024-11-21T00:56:36.563", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-03-13T10:30:00.610", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/34384" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/31286" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/6516" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/34384" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/31286" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/6516" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-08-02 00:15
Modified
2024-11-21 08:09
Severity ?
Summary
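Cross Site Scripting vulnerability in e107 v.2.3.2 allows a remote attacker to execute arbitrary code via the description function in the SEO project. The record classifies this as CWE-79 and scores it CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N (low privileges and user interaction required), so "arbitrary code" here presumably means script running in a victim's browser rather than code execution on the server.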
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/Trinity-SYT-SECURITY/XSS_vuln_issue/blob/main/e107%20v2.3.2.md | Exploit, Third Party Advisory | |
cve@mitre.org | https://www.chtsecurity.com/news/0a4743a5-491e-4685-95ee-df8316ab5284 | Exploit, Third Party Advisory | |
cve@mitre.org | https://www.chtsecurity.com/news/6c6675d4-3254-46ce-a16d-26523ff80540 | Third Party Advisory | |
cve@mitre.org | https://www.exploit-db.com/exploits/51449 | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Trinity-SYT-SECURITY/XSS_vuln_issue/blob/main/e107%20v2.3.2.md | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.chtsecurity.com/news/0a4743a5-491e-4685-95ee-df8316ab5284 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.chtsecurity.com/news/6c6675d4-3254-46ce-a16d-26523ff80540 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/51449 | Exploit, Third Party Advisory, VDB Entry |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:2.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "A9775323-C655-474B-9261-FAFE85AA8EC2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross Site Scripting vulnerability in e107 v.2.3.2 allows a remote attacker to execute arbitrary code via the description function in the SEO project." }, { "lang": "es", "value": "La vulnerabilidad Cross-Site Scripting en e107 v.2.3.2 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de la funci\u00f3n de descripci\u00f3n en el proyecto SEO.\n" } ], "id": "CVE-2023-36121", "lastModified": "2024-11-21T08:09:18.957", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-08-02T00:15:18.030", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/Trinity-SYT-SECURITY/XSS_vuln_issue/blob/main/e107%20v2.3.2.md" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.chtsecurity.com/news/0a4743a5-491e-4685-95ee-df8316ab5284" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.chtsecurity.com/news/6c6675d4-3254-46ce-a16d-26523ff80540" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/51449" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party 
Advisory" ], "url": "https://github.com/Trinity-SYT-SECURITY/XSS_vuln_issue/blob/main/e107%20v2.3.2.md" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.chtsecurity.com/news/0a4743a5-491e-4685-95ee-df8316ab5284" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.chtsecurity.com/news/6c6675d4-3254-46ce-a16d-26523ff80540" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/51449" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-10-29 14:22
Modified
2024-11-21 00:52
Severity ?
Summary
SQL injection vulnerability in newuser.php in the alternate_profiles plugin, possibly 0.2, for e107 allows remote attackers to execute arbitrary SQL commands via the id parameter.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
e107 | e107 | * | |
e107 | alternate_profiles_plugin | * | |
e107 | alternate_profiles_plugin | 0.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:*:*:*:*:*:*:*:*", "matchCriteriaId": "2ED52F96-48B9-4111-AAEB-4E9190114802", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:alternate_profiles_plugin:*:*:*:*:*:*:*:*", "matchCriteriaId": "64DE8AA5-9812-4482-9F18-2ECA551D4F3F", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:alternate_profiles_plugin:0.2:*:*:*:*:*:*:*", "matchCriteriaId": "EA68227E-C80D-4154-BF08-AF3ED820D96D", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in newuser.php in the alternate_profiles plugin, possibly 0.2, for e107 allows remote attackers to execute arbitrary SQL commands via the id parameter." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en newuser.php en el plugin alternate_profiles, posiblemente 0.2, para e107 permite a un atacante remoto ejecutar c\u00f3digo SQL de su elecci\u00f3n por medio del par\u00e1metro id." 
} ], "id": "CVE-2008-4785", "lastModified": "2024-11-21T00:52:33.487", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-10-29T14:22:38.523", "references": [ { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/4530" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/31940" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/2940" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/6849" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/4530" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/31940" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/2940" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/6849" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-09-23 23:55
Modified
2024-11-21 01:31
Severity ?
Summary
e107 0.7.24 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by e107_plugins/pdf/e107pdf.php and certain other files.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:0.7.24:*:*:*:*:*:*:*", "matchCriteriaId": "24B25E9E-A4E6-4156-9543-A0071A84F065", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "e107 0.7.24 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by e107_plugins/pdf/e107pdf.php and certain other files." }, { "lang": "es", "value": "e107 v0.7.24 permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de una petici\u00f3n directa a un archivo .php, lo que revela la ruta de instalaci\u00f3n en un mensaje de error, como se demostr\u00f3 con e107_plugins/pdf/e107pdf.php y algunos otros archivos." } ], "id": "CVE-2011-3731", "lastModified": "2024-11-21T01:31:06.320", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-09-23T23:55:03.177", "references": [ { "source": "cve@mitre.org", "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/e107_0.7.24" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/e107_0.7.24" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-11-04 00:58
Modified
2024-11-21 00:52
Severity ?
Summary
SQL injection vulnerability in lyrics_song.php in the Lyrics (lyrics_menu) plugin 0.42 for e107 allows remote attackers to execute arbitrary SQL commands via the l_id parameter. NOTE: some of these details are obtained from third party information. The record's CPE criteria list the affected plugin version as 0.4.2, so check both spellings when matching an inventory.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:w1n78:lyrics:0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "00FA51F3-E71C-4BD0-ADCD-AAD8A40EE31D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:*:*:*:*:*:*:*:*", "matchCriteriaId": "2ED52F96-48B9-4111-AAEB-4E9190114802", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in lyrics_song.php in the Lyrics (lyrics_menu) plugin 0.42 for e107 allows remote attackers to execute arbitrary SQL commands via the l_id parameter. NOTE: some of these details are obtained from third party information." }, { "lang": "es", "value": "Una vulnerabilidad de inyecci\u00f3n SQL en el fichero lyrics_song.php en el plugin Lyrics (lyrics_menu) plugin para e107 permite a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s del par\u00e1metro l_id." 
} ], "id": "CVE-2008-4906", "lastModified": "2024-11-21T00:52:48.567", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-11-04T00:58:40.260", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/32477" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/4551" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/32004" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://z0rlu.blogspot.com/2008/10/e107-plugin-lyricsmenu-lyricssongphp.html" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46236" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/6885" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/32477" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/4551" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/32004" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://z0rlu.blogspot.com/2008/10/e107-plugin-lyricsmenu-lyricssongphp.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46236" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/6885" } ], "sourceIdentifier": 
"cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-09-20 10:55
Modified
2024-11-21 01:33
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in jbshop.php in the jbShop plugin for e107 7 allows remote attackers to inject arbitrary web script or HTML via the item_id parameter.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
burnsy | jbshop_plugin | - | |
e107 | e107 | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:burnsy:jbshop_plugin:-:*:*:*:*:*:*:*", "matchCriteriaId": "292E0537-900B-4587-9DB9-D7A173C15788", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:-:*:*:*:*:*:*:*", "matchCriteriaId": "C44C2763-B6CF-42BD-9883-69C80DC1F9E7", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in jbshop.php in the jbShop plugin for e107 7 allows remote attackers to inject arbitrary web script or HTML via the item_id parameter." }, { "lang": "es", "value": "Una vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en jbshop.php en el plugin jbShop para e107 7 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro item_id." } ], "id": "CVE-2011-5186", "lastModified": "2024-11-21T01:33:50.770", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-09-20T10:55:28.477", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.exploit-db.com/exploits/18056" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.osvdb.org/83371" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.exploit-db.com/exploits/18056" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.osvdb.org/83371" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-12-07 11:03
Modified
2024-11-21 00:03
Severity ?
Summary
e107 0.6174 allows remote attackers to vote multiple times for a download via repeated requests to rate.php.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:0.6174:*:*:*:*:*:*:*", "matchCriteriaId": "CA89549A-6CD7-4DDB-A8C8-ADF103F6CDFB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "e107 0.6174 allows remote attackers to vote multiple times for a download via repeated requests to rate.php." } ], "id": "CVE-2005-4051", "lastModified": "2024-11-21T00:03:23.790", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-12-07T11:03:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://e107.org/e107_plugins/bugtrack/bugtrack.php?1625.show" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://secunia.com/advisories/17890/" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/418577/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/15748" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://e107.org/e107_plugins/bugtrack/bugtrack.php?1625.show" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://secunia.com/advisories/17890/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/418577/100/0/threaded" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/15748" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-01-22 19:55
Modified
2024-11-21 01:52
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in e107_plugins/content/handlers/content_preset.php in e107 before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the query string.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
e107 | e107 | * | |
e107 | e107 | 0.7.0 | |
e107 | e107 | 0.7.1 | |
e107 | e107 | 0.7.2 | |
e107 | e107 | 0.7.3 | |
e107 | e107 | 0.7.4 | |
e107 | e107 | 0.7.5 | |
e107 | e107 | 0.7.6 | |
e107 | e107 | 0.7.7 | |
e107 | e107 | 0.7.8 | |
e107 | e107 | 0.7.9 | |
e107 | e107 | 0.7.10 | |
e107 | e107 | 0.7.11 | |
e107 | e107 | 0.7.12 | |
e107 | e107 | 0.7.13 | |
e107 | e107 | 0.7.14 | |
e107 | e107 | 0.7.15 | |
e107 | e107 | 0.7.16 | |
e107 | e107 | 0.7.17 | |
e107 | e107 | 0.7.18 | |
e107 | e107 | 0.7.19 | |
e107 | e107 | 0.7.20 | |
e107 | e107 | 0.7.21 | |
e107 | e107 | 0.7.22 | |
e107 | e107 | 0.7.24 | |
e107 | e107 | 0.7.26 | |
e107 | e107 | 1.0.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:*:*:*:*:*:*:*:*", "matchCriteriaId": "8DF55792-EFD3-49D0-BF3C-D390E8F4E431", "versionEndIncluding": "1.0.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "CA5B2762-4A7C-45EE-8A1B-0E7939978321", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "CA03C1AC-97EA-47ED-9558-A7CA48420AB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "32695A82-B042-46B7-9CB4-20F3446E0C9E", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "6716A040-0CBE-4402-AB2A-1621B1240B0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "81627355-AB45-4D47-8DD2-4087E6971EF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "D2DAAA4F-B893-4914-8538-E68DDA211225", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B649DDC6-EEE6-47E1-A69A-831E5C2DD58C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "2FEEC90E-8640-4786-B014-CAD83EC4F2E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "E29B9B12-4C94-4A8D-B407-2D288502EFE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.9:*:*:*:*:*:*:*", "matchCriteriaId": "C5CAADA1-1FBB-4983-A942-FC4490CE8D8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.10:*:*:*:*:*:*:*", "matchCriteriaId": "B4D7C699-0E92-4D9C-9D8F-87C39A28ACCD", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.11:*:*:*:*:*:*:*", "matchCriteriaId": "5C62F8AD-EA30-441E-B97F-EF8DE640DC1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.12:*:*:*:*:*:*:*", "matchCriteriaId": "F96C30A8-7E56-4806-B8D7-851D75B08738", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.13:*:*:*:*:*:*:*", "matchCriteriaId": "F1C22711-AEC4-438F-9B37-64D36B0BDFC9", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.14:*:*:*:*:*:*:*", "matchCriteriaId": "5E2AA435-E5FC-4555-B582-5C6FFC99327B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.15:*:*:*:*:*:*:*", "matchCriteriaId": "7A81364B-FB65-4591-ACA3-9D5991F0C30C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.16:*:*:*:*:*:*:*", "matchCriteriaId": "069F5C7C-F549-4B92-A1EA-6310CCF64334", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.17:*:*:*:*:*:*:*", "matchCriteriaId": "46EF46A3-7197-4C00-8298-9B938B6EE97B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.18:*:*:*:*:*:*:*", "matchCriteriaId": "B242DBD4-299A-49BC-B399-6C48E04D10DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.19:*:*:*:*:*:*:*", "matchCriteriaId": "756D821D-63CA-4DCC-8335-679290C197BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.20:*:*:*:*:*:*:*", "matchCriteriaId": "FFAB4C3E-EE6F-4603-A829-25138966CADF", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.21:*:*:*:*:*:*:*", "matchCriteriaId": "56459690-0C9E-4049-A20A-E17152913065", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.22:*:*:*:*:*:*:*", "matchCriteriaId": "E15C0202-89BE-44EE-AD44-B3AF8A41671C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.24:*:*:*:*:*:*:*", "matchCriteriaId": "24B25E9E-A4E6-4156-9543-A0071A84F065", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.26:*:*:*:*:*:*:*", "matchCriteriaId": "4C218B8E-ED52-4F5B-A3FC-CEB3FF8D11DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "F0DD84FB-8CF3-4FD4-AB18-DCD3FF3A2F5B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in 
e107_plugins/content/handlers/content_preset.php in e107 before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the query string." }, { "lang": "es", "value": "Vulnerabilidad de XSS en e107_plugins/content/handlers/content_preset.php de e107 anterior a la versi\u00f3n 1.0.3 permite a atacantes remotos inyectar script Web o HTML arbitrario a trav\u00e9s de una cadena de consulta." } ], "id": "CVE-2013-2750", "lastModified": "2024-11-21T01:52:17.930", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-01-22T19:55:02.613", "references": [ { "source": "cve@mitre.org", "url": "http://sourceforge.net/p/e107/svn/13079" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/526168" }, { "source": "cve@mitre.org", "url": "https://www.secuvera.de/advisories/TC-SA-2013-01.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/p/e107/svn/13079" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/526168" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.secuvera.de/advisories/TC-SA-2013-01.txt" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-09-05 21:29
Modified
2024-11-21 03:52
Severity ?
Summary
e107 2.1.8 has XSS via the e107_admin/users.php?mode=main&action=list user_loginname parameter.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/dhananjay-bajaj/E107-v2.1.8-XSS-POC | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/dhananjay-bajaj/E107-v2.1.8-XSS-POC | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:2.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "6C0ECC71-9F7A-4634-B3DD-A6C60C1DA78C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "e107 2.1.8 has XSS via the e107_admin/users.php?mode=main\u0026action=list user_loginname parameter." }, { "lang": "es", "value": "e107 2.1.8 tiene Cross-Site Scripting (XSS) mediante el par\u00e1metro user_loginname en e107_admin/users.php?mode=main\u0026action=list." } ], "id": "CVE-2018-16381", "lastModified": "2024-11-21T03:52:38.550", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-09-05T21:29:03.593", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/dhananjay-bajaj/E107-v2.1.8-XSS-POC" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": 
"https://github.com/dhananjay-bajaj/E107-v2.1.8-XSS-POC" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-04-08 18:05
Modified
2024-11-21 00:45
Severity ?
Summary
Absolute path traversal vulnerability in dload.php in the my_gallery 2.3 plugin for e107 allows remote attackers to obtain sensitive information via a full pathname in the file parameter. NOTE: some of these details are obtained from third party information.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
e107 | e107 | * | |
e107 | my_gallery | 2.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:*:*:*:*:*:*:*:*", "matchCriteriaId": "2ED52F96-48B9-4111-AAEB-4E9190114802", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:my_gallery:2.3:*:*:*:*:*:*:*", "matchCriteriaId": "09554AA6-05BF-41FB-97F7-02E91A5A0BC7", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Absolute path traversal vulnerability in dload.php in the my_gallery 2.3 plugin for e107 allows remote attackers to obtain sensitive information via a full pathname in the file parameter. NOTE: some of these details are obtained from third party information." }, { "lang": "es", "value": "Vulnerabilidad de salto de ruta absoluta en dload.php en el plugin my_gallery 2.3 para e107, permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de un nombre absoluto de ruta en el par\u00e1metro file(archivo). NOTA: algunos de estos detalles de esta informaci\u00f3n se obtuvieron de terceras partes." 
} ], "id": "CVE-2008-1702", "lastModified": "2024-11-21T00:45:08.130", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-04-08T18:05:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29493" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3801" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/490041/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/28440" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41433" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/5308" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29493" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/3801" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/490041/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/28440" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41433" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/5308" } ], "sourceIdentifier": "cve@mitre.org", 
"vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" }, { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-12-14 11:03
Modified
2024-11-21 00:03
Severity ?
Summary
Multiple "potential" SQL injection vulnerabilities in e107 0.7 might allow remote attackers to execute arbitrary SQL commands via (1) the email, hideemail, image, realname, signature, timezone, and xupexist parameters in signup.php, (2) the content_comment, content_rating, and content_summary parameters in subcontent.php, (3) the download_category and file_demo in upload.php, and (4) the email, hideemail, user_timezone, and user_xup parameters in usersettings.php.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "70AB914E-D616-45D2-A451-1C247B8B6E4C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple \"potential\" SQL injection vulnerabilities in e107 0.7 might allow remote attackers to execute arbitrary SQL commands via (1) the email, hideemail, image, realname, signature, timezone, and xupexist parameters in signup.php, (2) the content_comment, content_rating, and content_summary parameters in subcontent.php, (3) the download_category and file_demo in upload.php, and (4) the email, hideemail, user_timezone, and user_xup parameters in usersettings.php." } ], "id": "CVE-2005-4224", "lastModified": "2024-11-21T00:03:43.843", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-12-14T11:03:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://glide.stanford.edu/yichen/research/sec.pdf" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/18023/" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/21657" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/21658" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/21659" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/21660" }, { "source": "cve@mitre.org", "url": 
"http://www.securityfocus.com/archive/1/419280/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/419487/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2005/2861" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://glide.stanford.edu/yichen/research/sec.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/18023/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/21657" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/21658" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/21659" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/21660" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/419280/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/419487/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2005/2861" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-06-10 04:00
Modified
2024-11-20 23:58
Severity ?
Summary
The eTrace_validaddr function in eTrace plugin for e107 portal allows remote attackers to execute arbitrary commands via shell metacharacters after a valid argument to the etrace_host parameter.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "F0DD84FB-8CF3-4FD4-AB18-DCD3FF3A2F5B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The eTrace_validaddr function in eTrace plugin for e107 portal allows remote attackers to execute arbitrary commands via shell metacharacters after a valid argument to the etrace_host parameter." } ], "id": "CVE-2005-1966", "lastModified": "2024-11-20T23:58:30.797", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-06-10T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=111868460811287\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/13934" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=111868460811287\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/13934" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-11-16 07:42
Modified
2024-11-21 00:02
Severity ?
Summary
game_score.php in e107 allows remote attackers to insert high scores via HTTP POST methods utilizing the $player_name, $player_score, and $game_name variables.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:*:*:*:*:*:*:*:*", "matchCriteriaId": "2ED52F96-48B9-4111-AAEB-4E9190114802", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "game_score.php in e107 allows remote attackers to insert high scores via HTTP POST methods utilizing the $player_name, $player_score, and $game_name variables." } ], "id": "CVE-2005-3594", "lastModified": "2024-11-21T00:02:15.493", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-11-16T07:42:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=113141422014568\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/158" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=113141422014568\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/158" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-01-02 20:59
Modified
2024-11-21 02:20
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in the AdminObserver function in e107_admin/users.php in e107 2.0 alpha2 allows remote attackers to hijack the authentication of administrators for requests that add users to the administrator group via the id parameter in an admin action.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:2.0:alpha2:*:*:*:*:*:*", "matchCriteriaId": "974A3190-A5D0-4B1E-81FA-8F99F580BBEA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in the AdminObserver function in e107_admin/users.php in e107 2.0 alpha2 allows remote attackers to hijack the authentication of administrators for requests that add users to the administrator group via the id parameter in an admin action." }, { "lang": "es", "value": "Vulnerabilidad de CSRF en la funci\u00f3n AdminObserver en e107_admin/users.php en e107 2.0 alpha2 permite a atacantes remotos secuestrar la autenticaci\u00f3n de administradores para solicitudes que a\u00f1aden usuarios al grupo de administraci\u00f3n a trav\u00e9s del par\u00e1metro id en una acci\u00f3n admin." } ], "id": "CVE-2014-9459", "lastModified": "2024-11-21T02:20:56.430", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2015-01-02T20:59:19.087", "references": [ { "source": "cve@mitre.org", "url": "http://packetstormsecurity.com/files/129751/e107-2.0-Alpha2-Cross-Site-Request-Forgery.html" }, { "source": "cve@mitre.org", "url": "http://seclists.org/fulldisclosure/2014/Dec/124" }, { "source": "cve@mitre.org", "url": "http://sroesemann.blogspot.de/2014/12/sroeadv-2014-04.html" }, { "source": "cve@mitre.org", "url": 
"https://github.com/e107inc/e107/commit/9249f892b1e635979db2a830393694fb73531080" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.com/files/129751/e107-2.0-Alpha2-Cross-Site-Request-Forgery.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2014/Dec/124" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sroesemann.blogspot.de/2014/12/sroeadv-2014-04.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/e107inc/e107/commit/9249f892b1e635979db2a830393694fb73531080" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-08-31 22:55
Modified
2024-11-21 01:33
Severity ?
Summary
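SQL injection vulnerability in e107_admin/users_extended.php in e107 before 0.7.26 allows remote attackers to execute arbitrary SQL commands via the user_field parameter. Note that the CPE configuration in the record below ends at 0.7.24 (versionEndIncluding), so CPE-based matching would not flag a 0.7.25 install even though the description covers every release before 0.7.26; compare installed versions against 0.7.26 rather than relying on the CPE range alone.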
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
e107 | e107 | * | |
e107 | e107 | 0.7.0 | |
e107 | e107 | 0.7.1 | |
e107 | e107 | 0.7.2 | |
e107 | e107 | 0.7.3 | |
e107 | e107 | 0.7.4 | |
e107 | e107 | 0.7.5 | |
e107 | e107 | 0.7.6 | |
e107 | e107 | 0.7.7 | |
e107 | e107 | 0.7.8 | |
e107 | e107 | 0.7.9 | |
e107 | e107 | 0.7.10 | |
e107 | e107 | 0.7.11 | |
e107 | e107 | 0.7.12 | |
e107 | e107 | 0.7.13 | |
e107 | e107 | 0.7.14 | |
e107 | e107 | 0.7.15 | |
e107 | e107 | 0.7.16 | |
e107 | e107 | 0.7.17 | |
e107 | e107 | 0.7.18 | |
e107 | e107 | 0.7.19 | |
e107 | e107 | 0.7.20 | |
e107 | e107 | 0.7.21 | |
e107 | e107 | 0.7.22 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:*:*:*:*:*:*:*:*", "matchCriteriaId": "2DC38566-37E2-4BA6-9774-1D728633145D", "versionEndIncluding": "0.7.24", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "CA5B2762-4A7C-45EE-8A1B-0E7939978321", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "CA03C1AC-97EA-47ED-9558-A7CA48420AB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "32695A82-B042-46B7-9CB4-20F3446E0C9E", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "6716A040-0CBE-4402-AB2A-1621B1240B0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "81627355-AB45-4D47-8DD2-4087E6971EF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "D2DAAA4F-B893-4914-8538-E68DDA211225", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B649DDC6-EEE6-47E1-A69A-831E5C2DD58C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "2FEEC90E-8640-4786-B014-CAD83EC4F2E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "E29B9B12-4C94-4A8D-B407-2D288502EFE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.9:*:*:*:*:*:*:*", "matchCriteriaId": "C5CAADA1-1FBB-4983-A942-FC4490CE8D8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.10:*:*:*:*:*:*:*", "matchCriteriaId": "B4D7C699-0E92-4D9C-9D8F-87C39A28ACCD", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.11:*:*:*:*:*:*:*", "matchCriteriaId": "5C62F8AD-EA30-441E-B97F-EF8DE640DC1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.12:*:*:*:*:*:*:*", "matchCriteriaId": "F96C30A8-7E56-4806-B8D7-851D75B08738", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.13:*:*:*:*:*:*:*", "matchCriteriaId": "F1C22711-AEC4-438F-9B37-64D36B0BDFC9", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.14:*:*:*:*:*:*:*", "matchCriteriaId": "5E2AA435-E5FC-4555-B582-5C6FFC99327B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.15:*:*:*:*:*:*:*", "matchCriteriaId": "7A81364B-FB65-4591-ACA3-9D5991F0C30C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.16:*:*:*:*:*:*:*", "matchCriteriaId": "069F5C7C-F549-4B92-A1EA-6310CCF64334", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.17:*:*:*:*:*:*:*", "matchCriteriaId": "46EF46A3-7197-4C00-8298-9B938B6EE97B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.18:*:*:*:*:*:*:*", "matchCriteriaId": "B242DBD4-299A-49BC-B399-6C48E04D10DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.19:*:*:*:*:*:*:*", "matchCriteriaId": "756D821D-63CA-4DCC-8335-679290C197BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.20:*:*:*:*:*:*:*", "matchCriteriaId": "FFAB4C3E-EE6F-4603-A829-25138966CADF", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.21:*:*:*:*:*:*:*", "matchCriteriaId": "56459690-0C9E-4049-A20A-E17152913065", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.7.22:*:*:*:*:*:*:*", "matchCriteriaId": "E15C0202-89BE-44EE-AD44-B3AF8A41671C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in e107_admin/users_extended.php in e107 before 0.7.26 allows remote attackers to execute arbitrary SQL commands via the user_field parameter." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en e107_admin/users_extended.php en e107 anteriores a v0.7.26 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro user_field." 
} ], "id": "CVE-2011-4946", "lastModified": "2024-11-21T01:33:20.720", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-08-31T22:55:01.217", "references": [ { "source": "secalert@redhat.com", "url": "http://e107.org/svn_changelog.php?version=0.7.26" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Patch" ], "url": "http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.7/e107_admin/users_extended.php?r1=12225\u0026r2=12306" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/44968" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/03/28/4" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/03/29/3" }, { "source": "secalert@redhat.com", "url": "http://www.osvdb.org/73120" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68061" }, { "source": "secalert@redhat.com", "url": "https://www.htbridge.com/advisory/multiple_vulnerabilities_in_e107_1.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://e107.org/svn_changelog.php?version=0.7.26" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.7/e107_admin/users_extended.php?r1=12225\u0026r2=12306" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": 
[ "Vendor Advisory" ], "url": "http://secunia.com/advisories/44968" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/03/28/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/03/29/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/73120" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68061" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.htbridge.com/advisory/multiple_vulnerabilities_in_e107_1.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-05-21 04:00
Modified
2024-11-20 23:52
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in stats.php in e107 allows remote attackers to inject arbitrary web script or HTML via the referer parameter to log.php.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:0.6_10:*:*:*:*:*:*:*", "matchCriteriaId": "18C34EB0-7685-4346-81A2-371C1F19F6AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_11:*:*:*:*:*:*:*", "matchCriteriaId": "AB26A2A4-B0DE-4130-AA5F-76D5394A0614", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_12:*:*:*:*:*:*:*", "matchCriteriaId": "90909932-AD39-4648-8621-5866F0C4AB12", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_13:*:*:*:*:*:*:*", "matchCriteriaId": "37F208E9-3C39-4D00-B1E0-5CD0B315E740", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_14:*:*:*:*:*:*:*", "matchCriteriaId": "27C7402F-54C9-4FDA-B181-85941DDC7010", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_15:*:*:*:*:*:*:*", "matchCriteriaId": "061B1AF2-2BA7-49CB-9F8B-91BF5D5B0BF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.6_15a:*:*:*:*:*:*:*", "matchCriteriaId": "4F77F5E4-8636-41F5-9A80-055CC0FC0346", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.545:*:*:*:*:*:*:*", "matchCriteriaId": "8DDD8B3B-8580-4624-8D77-E3FD97DFF4A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.554:*:*:*:*:*:*:*", "matchCriteriaId": "6454D949-83A2-4F69-92E1-BBCD84F21BC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.555_beta:*:*:*:*:*:*:*", "matchCriteriaId": "CC274184-AD8E-4BC2-BC6A-4E64F354BFFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.603:*:*:*:*:*:*:*", "matchCriteriaId": "F8692341-8DF2-4943-853A-4AAF1F313914", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in stats.php in e107 allows remote attackers to inject arbitrary web script or HTML via the referer parameter to log.php." 
} ], "id": "CVE-2004-2028", "lastModified": "2024-11-20T23:52:19.643", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-05-21T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=108515632622796\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/11693" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/6345" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/10395" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16231" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=108515632622796\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/11693" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/6345" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/10395" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16231" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-05-29 19:29
Modified
2024-11-21 02:43
Severity ?
Summary
e107 2.1.1 allows SQL injection by remote authenticated administrators via the pagelist parameter to e107_admin/menus.php, related to the menuSaveVisibility function.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://code610.blogspot.com/2016/09/sql-injection-in-latest-e107-cms.html | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://code610.blogspot.com/2016/09/sql-injection-in-latest-e107-cms.html | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "5120C962-B35B-4BB5-83C4-3F06E19A0A25", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "e107 2.1.1 allows SQL injection by remote authenticated administrators via the pagelist parameter to e107_admin/menus.php, related to the menuSaveVisibility function." }, { "lang": "es", "value": "e107 2.1.1 permite la inyecci\u00f3n SQL por administradores remotos autenticados a trav\u00e9s del par\u00e1metro pagelist a e107_admin/menus.php, relacionado con la funci\u00f3n menuSaveVisibility." } ], "id": "CVE-2016-10378", "lastModified": "2024-11-21T02:43:53.083", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-05-29T19:29:00.250", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": 
"http://code610.blogspot.com/2016/09/sql-injection-in-latest-e107-cms.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "http://code610.blogspot.com/2016/09/sql-injection-in-latest-e107-cms.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:52
Severity ?
Summary
ImageManager in e107 before 0.617 does not properly check the types of uploaded files, which allows remote attackers to execute arbitrary code by uploading a PHP file via the upload parameter to images.php.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:*:*:*:*:*:*:*:*", "matchCriteriaId": "6978120F-CFEC-4C45-A954-792E0FB8FFD8", "versionEndExcluding": "0.617", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "ImageManager in e107 before 0.617 does not properly check the types of uploaded files, which allows remote attackers to execute arbitrary code by uploading a PHP file via the upload parameter to images.php." } ], "id": "CVE-2004-2262", "lastModified": "2024-11-20T23:52:54.303", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Broken Link", "Patch" ], "url": "http://e107.org/comment.php?comment.news.672" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Vendor Advisory" ], "url": "http://secunia.com/advisories/13657" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://securitytracker.com/id?1012657" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.osvdb.org/12586" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/12111" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/18670" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/704" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Patch" ], "url": "http://e107.org/comment.php?comment.news.672" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Vendor Advisory" ], "url": "http://secunia.com/advisories/13657" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://securitytracker.com/id?1012657" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.osvdb.org/12586" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/12111" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18670" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/704" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-434" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-07-20 04:00
Modified
2024-11-20 23:59
Severity ?
Summary
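Cross-site scripting (XSS) vulnerability in e107 0.617 and earlier allows remote attackers to inject arbitrary web script or HTML via nested [url] BBCode tags. Note that the impacted-products list below also carries entries numbered 5.1 through 5.21, which do not fit "0.617 and earlier" as written and may be differently formatted version strings; treat them with caution when matching installed versions.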
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
e107 | e107 | 0.547_beta | |
e107 | e107 | 0.548_beta | |
e107 | e107 | 0.549_beta | |
e107 | e107 | 0.551_beta | |
e107 | e107 | 0.552_beta | |
e107 | e107 | 0.553_beta | |
e107 | e107 | 0.554_beta | |
e107 | e107 | 0.555_beta | |
e107 | e107 | 0.600 | |
e107 | e107 | 0.601 | |
e107 | e107 | 0.602 | |
e107 | e107 | 0.603 | |
e107 | e107 | 0.604 | |
e107 | e107 | 0.605 | |
e107 | e107 | 0.606 | |
e107 | e107 | 0.607 | |
e107 | e107 | 0.608 | |
e107 | e107 | 0.609 | |
e107 | e107 | 0.610 | |
e107 | e107 | 0.611 | |
e107 | e107 | 0.612 | |
e107 | e107 | 0.613 | |
e107 | e107 | 0.614 | |
e107 | e107 | 0.615a | |
e107 | e107 | 0.616 | |
e107 | e107 | 0.617 | |
e107 | e107 | 5.1 | |
e107 | e107 | 5.3_beta | |
e107 | e107 | 5.3_beta2 | |
e107 | e107 | 5.04 | |
e107 | e107 | 5.4_beta1 | |
e107 | e107 | 5.4_beta3 | |
e107 | e107 | 5.4_beta4 | |
e107 | e107 | 5.4_beta5 | |
e107 | e107 | 5.4_beta6 | |
e107 | e107 | 5.05 | |
e107 | e107 | 5.21 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:0.547_beta:*:*:*:*:*:*:*", "matchCriteriaId": "437C4251-886C-4E94-B7F6-AE34A0142A76", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.548_beta:*:*:*:*:*:*:*", "matchCriteriaId": "761D4EE9-0D54-4370-BCBC-3C23481C127B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.549_beta:*:*:*:*:*:*:*", "matchCriteriaId": "E11E3F9E-708E-44CB-8FD2-E4961028B732", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.551_beta:*:*:*:*:*:*:*", "matchCriteriaId": "8F38EB42-437C-4381-B36A-FD3DB78E724E", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.552_beta:*:*:*:*:*:*:*", "matchCriteriaId": "ECC957BA-D96C-41B7-9BD4-2ECD37C9C924", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.553_beta:*:*:*:*:*:*:*", "matchCriteriaId": "1E9E9AC1-5ECD-448F-B72A-1CE8228C2C22", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.554_beta:*:*:*:*:*:*:*", "matchCriteriaId": "0FC4B3A4-2563-4C06-A484-5C02CD8F7408", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.555_beta:*:*:*:*:*:*:*", "matchCriteriaId": "CC274184-AD8E-4BC2-BC6A-4E64F354BFFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.600:*:*:*:*:*:*:*", "matchCriteriaId": "7E80F85C-61AD-49C0-9EBF-B79F728F6A97", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.601:*:*:*:*:*:*:*", "matchCriteriaId": "3FE097FC-A525-4599-9FDA-1A011EECE767", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.602:*:*:*:*:*:*:*", "matchCriteriaId": "9FF51B0D-E020-491D-92A9-D2A01A7417AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.603:*:*:*:*:*:*:*", "matchCriteriaId": "F8692341-8DF2-4943-853A-4AAF1F313914", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.604:*:*:*:*:*:*:*", "matchCriteriaId": "75197306-53DB-4C94-959B-C46D3FB1F42B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.605:*:*:*:*:*:*:*", "matchCriteriaId": 
"D0C5C91C-C1C5-457D-9E09-24C7CACCC280", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.606:*:*:*:*:*:*:*", "matchCriteriaId": "6EB88C92-4F62-471A-8C10-C13C890E764F", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.607:*:*:*:*:*:*:*", "matchCriteriaId": "5585DC36-C65F-4FCA-B26F-E4A7901863E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.608:*:*:*:*:*:*:*", "matchCriteriaId": "2C7DD56C-66F7-421C-B211-07C7856112C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.609:*:*:*:*:*:*:*", "matchCriteriaId": "8E14B108-228D-454F-AF16-9D9086E4C10B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.610:*:*:*:*:*:*:*", "matchCriteriaId": "04C91C45-9A96-4E69-8A0A-D619AB45BC08", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.611:*:*:*:*:*:*:*", "matchCriteriaId": "5F7C68F4-9ECD-41A9-B4AE-48F028841428", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.612:*:*:*:*:*:*:*", "matchCriteriaId": "28B75E28-08DE-4CA2-A60B-FB2F61AEC5BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.613:*:*:*:*:*:*:*", "matchCriteriaId": "B9AA824A-CEE6-460B-A668-92FC3A822305", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.614:*:*:*:*:*:*:*", "matchCriteriaId": "6A51FBB3-42CE-40E1-A15D-ADDFBF8E203D", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.615a:*:*:*:*:*:*:*", "matchCriteriaId": "D17F613A-6BE1-4B45-8E40-8E44E0EEA756", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.616:*:*:*:*:*:*:*", "matchCriteriaId": "B5CB33E9-9AB8-482A-A196-768A2085A49C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.617:*:*:*:*:*:*:*", "matchCriteriaId": "12BD5CAD-0EB8-48F2-AF80-510584A83446", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "4189588A-A887-4D27-B3A0-48A3DBBD5E67", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:5.3_beta:*:*:*:*:*:*:*", "matchCriteriaId": "AA26A71E-F1E6-4EA0-9165-F7989FB89B15", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:e107:e107:5.3_beta2:*:*:*:*:*:*:*", "matchCriteriaId": "9C90BAB9-2ACE-48E4-BC15-E88C2C370B15", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:5.04:*:*:*:*:*:*:*", "matchCriteriaId": "DFD219A3-4958-4EA9-A914-37D4F0A8A24D", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:5.4_beta1:*:*:*:*:*:*:*", "matchCriteriaId": "3417C70B-E531-49C8-971E-CC349FB5AA1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:5.4_beta3:*:*:*:*:*:*:*", "matchCriteriaId": "CB5EF2F8-0A65-4C8C-A4A3-9B9B1151509C", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:5.4_beta4:*:*:*:*:*:*:*", "matchCriteriaId": "62FBE3F6-7685-43BA-B63B-28AA79330323", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:5.4_beta5:*:*:*:*:*:*:*", "matchCriteriaId": "94CC3B56-F1FC-452A-A0A7-4CF60089C1E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:5.4_beta6:*:*:*:*:*:*:*", "matchCriteriaId": "7524B12E-3D05-4CD1-B582-8A66EEC3F6DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:5.05:*:*:*:*:*:*:*", "matchCriteriaId": "590FE150-07AF-4E25-B8F8-D0E8500D73B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:5.21:*:*:*:*:*:*:*", "matchCriteriaId": "F515DEBF-B55A-4B42-8E1F-AB9A2C3DD8DF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in e107 0.617 and earlier allows remote attackers to inject arbitrary web script or HTML via nested [url] BBCode tags." }, { "lang": "es", "value": "Vulnerabilidad de secuencia de comandos en sitios cruzados en e107 0.617 y anteriores permite que atacantes remotos inyecten script web arbitrario o HTML mediante tags anidadas \" [URL]BBCode\"." 
} ], "id": "CVE-2005-2327", "lastModified": "2024-11-20T23:59:18.970", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-07-20T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://securitytracker.com/id?1014513" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/1106" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://securitytracker.com/id?1014513" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/1106" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-04-30 01:07
Modified
2024-11-21 00:45
Severity ?
Summary
The CAPTCHA implementation as used in (1) Francisco Burzi PHP-Nuke 7.0 and 8.1, (2) my123tkShop e-Commerce-Suite (aka 123tkShop) 0.9.1, (3) phpMyBitTorrent 1.2.2, (4) TorrentFlux 2.3, (5) e107 0.7.11, (6) WebZE 0.5.9, (7) Open Media Collectors Database (aka OpenDb) 1.5.0b4, and (8) Labgab 1.1 uses a code_bg.jpg background image and the PHP ImageString function in a way that produces an insufficient number of different images, which allows remote attackers to pass the CAPTCHA test via an automated attack using a table of all possible image checksums and their corresponding digit strings.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
e107 | e107 | 0.7.11 | |
labgab | labgab | 1.1 | |
my123tkshop | e-commerce-suite | 0.9.1 | |
opendb | opendb | 1.5.0 | |
phpmybittorrent | phpmybittorrent | 1.2.2 | |
phpnuke | php-nuke | 7.0 | |
phpnuke | php-nuke | 8.1 | |
torrentflux_project | torrentflux | 2.3 | |
webze | webze | 0.5.9 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:0.7.11:*:*:*:*:*:*:*", "matchCriteriaId": "5C62F8AD-EA30-441E-B97F-EF8DE640DC1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:labgab:labgab:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A3310461-272D-43C7-A8AA-589A7254FEF8", "vulnerable": true }, { "criteria": "cpe:2.3:a:my123tkshop:e-commerce-suite:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "ADC59E14-E4F7-4E9F-BE4E-98CD5797B45E", "vulnerable": true }, { "criteria": "cpe:2.3:a:opendb:opendb:1.5.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "0D1D7CD9-80EA-4D43-AB3A-BF833DB9F144", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmybittorrent:phpmybittorrent:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "20B593A2-9634-4AA0-8D63-CECA6391BEED", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "D5E8572B-43BE-4068-929F-2B6FAA9EF959", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpnuke:php-nuke:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "B8442671-45B5-48F6-905F-41A8FD3BF301", "vulnerable": true }, { "criteria": "cpe:2.3:a:torrentflux_project:torrentflux:2.3:*:*:*:*:*:*:*", "matchCriteriaId": "E8B86EC9-2E6B-4BDE-B131-8BD82500D041", "vulnerable": true }, { "criteria": "cpe:2.3:a:webze:webze:0.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "2AA1E599-AC63-40AA-A3B9-6585CDABFFE1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The CAPTCHA implementation as used in (1) Francisco Burzi PHP-Nuke 7.0 and 8.1, (2) my123tkShop e-Commerce-Suite (aka 123tkShop) 0.9.1, (3) phpMyBitTorrent 1.2.2, (4) TorrentFlux 2.3, (5) e107 0.7.11, (6) WebZE 0.5.9, (7) Open Media Collectors Database (aka OpenDb) 1.5.0b4, and (8) Labgab 1.1 uses a code_bg.jpg background image and the PHP ImageString function in a way that produces an insufficient number of different images, which allows remote attackers to pass the CAPTCHA test via an automated attack using a 
table of all possible image checksums and their corresponding digit strings." }, { "lang": "es", "value": "La implementaci\u00f3n CAPTCHA como se utiliza en (1) Francisco Burzi PHP-Nuke 7.0 y 8.1, (2) my123tkShop e-Commerce-Suite (tambi\u00e9n conocido como 123tkShop) 0.9.1, (3) phpMyBitTorrent 1.2.2, (4) TorrentFlux 2.3, (5) e107 0.7.11, (6) WebZE 0.5.9, (7) Open Media Collectors Database (tambi\u00e9n conocido como OpenDb) 1.5.0b4, y (8) Labgab 1.1; utiliza una imagen de fondo code_bg.jpg y la funci\u00f3n de PHP ImageString de una forma que no produce un n\u00famero suficiente de im\u00e1genes diferentes; esto permite a atacantes remotos pasar el test CAPTCHA mediante un ataque autom\u00e1tico utilizando una tabla con todas las sumas de validaci\u00f3n (checksum) de im\u00e1genes posibles y sus cadenas de d\u00edgitos correspondientes." } ], "id": "CVE-2008-2020", "lastModified": "2024-11-21T00:45:54.230", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": 
"2008-04-30T01:07:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://securityreason.com/securityalert/3834" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.rooksecurity.com/blog/?p=6" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/491127/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/28877" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42152" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://securityreason.com/securityalert/3834" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.rooksecurity.com/blog/?p=6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/491127/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/28877" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42152" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-330" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2003-10-29 05:00
Modified
2024-11-20 23:46
Severity: MEDIUM (CVSS v2 base score 5.0, vector AV:N/AC:L/Au:N/C:N/I:N/A:P)
Summary
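chatbox.php in e107 0.554 and 0.603 allows remote attackers to cause a denial of service (pages fail to load) via HTML in the Name field, which prevents the main.php form from being loaded. [Note: the CPE match criteria in the record below list e107 0.545 and 0.603, not 0.554. One of the two version numbers is probably a transposition, so check both when matching this entry against an inventory.]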
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:e107:e107:0.545:*:*:*:*:*:*:*", "matchCriteriaId": "8DDD8B3B-8580-4624-8D77-E3FD97DFF4A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:e107:e107:0.603:*:*:*:*:*:*:*", "matchCriteriaId": "F8692341-8DF2-4943-853A-4AAF1F313914", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "chatbox.php in e107 0.554 and 0.603 allows remote attackers to cause a denial of service (pages fail to load) via HTML in the Name field, which prevents the main.php form from being loaded." } ], "id": "CVE-2003-1191", "lastModified": "2024-11-20T23:46:34.473", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2003-10-29T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2003-10/0313.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/10115" }, { "source": "cve@mitre.org", "url": "http://www.hackingheaven.com/index.php?name=PNphpBB2\u0026file=viewtopic\u0026t=21" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.osvdb.org/2753" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/8930" }, { "source": "cve@mitre.org", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/13553" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2003-10/0313.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/10115" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.hackingheaven.com/index.php?name=PNphpBB2\u0026file=viewtopic\u0026t=21" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.osvdb.org/2753" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/8930" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13553" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }