VID | 21746 |
Severity | 40 |
Port | 80, ... |
Protocol | TCP |
Class | CGI |
Detailed Description |
The e107 Website System was detected as affected by multiple vulnerabilities (2). e107 is a freely available Web content management system written in PHP. e107 version 0.6172 and earlier versions contain multiple vulnerabilities that a remote attacker can exploit to disclose sensitive information, conduct SQL injection attacks, and potentially bypass certain security restrictions and compromise a vulnerable system. An attacker who successfully exploits the most severe of these vulnerabilities could execute arbitrary code on the affected host.
* References:
  http://rgod.altervista.org/e107remote.html
  https://sourceforge.net/project/shownotes.php?release_id=364570
  http://www.securitytracker.com/alerts/2005/Oct/1015069.html
  http://online.securityfocus.com/archive/1/413707/30/0/threaded
* Platforms Affected:
  e107 version 0.6172 and earlier versions
  Any operating system Any version |
Recommendation | Upgrade to the latest version of e107 (0.6173 or later), available from the e107 Web page at http://www.e107.org |
Related URL | CVE-2005-3521 (CVE) |
Related URL | 15125 (SecurityFocus) |
Related URL | 22780,22781 (ISS) |