Search Results (Refine Search)
- CPE Product Version: cpe:/a:e107:e107:-
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2006-4757 |
Multiple SQL injection vulnerabilities in the admin section in e107 0.7.5 allow remote authenticated administrative users to execute arbitrary SQL commands via the (1) linkopentype, (2) linkrender, (3) link_class, and (4) link_id parameters in (a) links.php; the (5) searchquery parameter in (b) users.php; and the (6) download_category_class parameter in (c) download.php. NOTE: an e107 developer has disputed the significance of the vulnerability, stating that "If your admins are injecting you, you might want to reconsider their access." Published: September 13, 2006; 7:07:00 PM -0400 |
V3.x:(not available) V2.0: 4.6 MEDIUM |
CVE-2006-3259 |
Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the (1) ep parameter to search.php and the (2) subject parameter in comment.php (aka the Subject field when posting a comment). Published: June 27, 2006; 5:05:00 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2004-2262 |
ImageManager in e107 before 0.617 does not properly check the types of uploaded files, which allows remote attackers to execute arbitrary code by uploading a PHP file via the upload parameter to images.php. Published: December 31, 2004; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |