Vulnerability Name:


Summary: Multiple SQL injection vulnerabilities in the admin section in e107 0.7.5 allow remote authenticated administrative users to execute arbitrary SQL commands via the (1) linkopentype, (2) linkrender, (3) link_class, and (4) link_id parameters in (a) links.php; the (5) searchquery parameter in (b) users.php; and the (6) download_category_class parameter in (c) download.php. NOTE: an e107 developer has disputed the significance of the vulnerability, stating that "If your admins are injecting you, you might want to reconsider their access."
CVSS v3 Severity: 5.5 Medium (CCN CVSS v3 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity: 4.6 Medium (CVSS v2 Vector: AV:N/AC:H/Au:S/C:P/I:P/A:P)
4.4 Medium (Temporal CVSS v2 Vector: AV:N/AC:H/Au:S/C:P/I:P/A:P/E:H/RL:U/RC:UR)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
6.5 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)
6.2 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:H/RL:U/RC:UR)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
References: Source: MISC


20060901 Sql injections in e107 [Admin section]

Source: XF

Vulnerable Configuration: Configuration 1:
  • cpe:/a:e107:e107:0.545:*:*:*:*:*:*:*
  • OR cpe:/a:e107:e107:0.547_beta:*:*:*:*:*:*:*
  • OR cpe:/a:e107:e107:0.548_beta:*:*:*:*:*:*:*
  • OR cpe:/a:e107:e107:0.549_beta:*:*:*:*:*:*:*
  • OR cpe:/a:e107:e107:0.551_beta:*:*:*:*:*:*:*
  • OR cpe:/a:e107:e107:0.552_beta:*:*:*:*:*:*:*
  • OR cpe:/a:e107:e107:0.553_beta:*:*:*:*:*:*:*
  • OR cpe:/a:e107:e107:0.554:*:*:*:*:*:*:*
  • OR cpe:/a:e107:e107:0.554_beta:*:*:*:*:*:*:*
  • OR cpe:/a:e107:e107:0.555_beta:*:*:*:*:*:*:*
  • OR cpe:/a:e107:e107:0.6_10:*:*:*:*:*:*:*
  • OR cpe:/a:e107:e107:0.6_11:*:*:*:*:*:*:*
  • OR cpe:/a:e107:e107:0.6_12:*:*:*:*:*:*:*
  • OR cpe:/a:e107:e107:0.6_13:*:*:*:*:*:*:*
  • OR cpe:/a:e107:e107:0.6_14:*:*:*:*:*:*:*
  • OR cpe:/a:e107:e107:0.6_15:*:*:*:*:*:*:*
  • OR cpe:/a:e107:e107:0.6_15a:*:*:*:*:*:*:*
  • OR cpe:/a:e107:e107:0.600:*:*:*:*:*:*:*
  • OR cpe:/a:e107:e107:0.601:*:*:*:*:*:*:*
  • OR cpe:/a:e107:e107:0.602:*:*:*:*:*:*:*
  • OR cpe:/a:e107:e107:0.603:*:*:*:*:*:*:*
  • OR cpe:/a:e107:e107:0.604:*:*:*:*:*:*:*
  • OR cpe:/a:e107:e107:0.605:*:*:*:*:*:*:*
  • OR cpe:/a:e107:e107:0.606:*:*:*:*:*:*:*
  • OR cpe:/a:e107:e107:0.607:*:*:*:*:*:*:*
  • OR cpe:/a:e107:e107:0.608:*:*:*:*:*:*:*
  • OR cpe:/a:e107:e107:0.609:*:*:*:*:*:*:*
  • OR cpe:/a:e107:e107:0.610:*:*:*:*:*:*:*
  • OR cpe:/a:e107:e107:0.611:*:*:*:*:*:*:*
  • OR cpe:/a:e107:e107:0.612:*:*:*:*:*:*:*
  • OR cpe:/a:e107:e107:0.613:*:*:*:*:*:*:*
  • OR cpe:/a:e107:e107:0.614:*:*:*:*:*:*:*
  • OR cpe:/a:e107:e107:0.615:*:*:*:*:*:*:*
  • OR cpe:/a:e107:e107:0.615a:*:*:*:*:*:*:*
  • OR cpe:/a:e107:e107:0.616:*:*:*:*:*:*:*
  • OR cpe:/a:e107:e107:0.617:*:*:*:*:*:*:*
  • OR cpe:/a:e107:e107:0.6171:*:*:*:*:*:*:*
  • OR cpe:/a:e107:e107:0.6172:*:*:*:*:*:*:*
  • OR cpe:/a:e107:e107:0.6173:*:*:*:*:*:*:*
  • OR cpe:/a:e107:e107:0.6174:*:*:*:*:*:*:*
  • OR cpe:/a:e107:e107:0.6175:*:*:*:*:*:*:*
  • OR cpe:/a:e107:e107:0.7:*:*:*:*:*:*:*
  • OR cpe:/a:e107:e107:0.7.1:*:*:*:*:*:*:*
  • OR cpe:/a:e107:e107:0.7.2:*:*:*:*:*:*:*
  • OR cpe:/a:e107:e107:0.7.3:*:*:*:*:*:*:*
  • OR cpe:/a:e107:e107:0.7.4:*:*:*:*:*:*:*
  • OR cpe:/a:e107:e107:0.7.5:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:e107:e107:0.7.5:*:*:*:*:*:*:*

  • Denotes that component is vulnerable
    e107 e107 0.545
    e107 e107 0.547_beta
    e107 e107 0.548_beta
    e107 e107 0.549_beta
    e107 e107 0.551_beta
    e107 e107 0.552_beta
    e107 e107 0.553_beta
    e107 e107 0.554
    e107 e107 0.554_beta
    e107 e107 0.555_beta
    e107 e107 0.6_10
    e107 e107 0.6_11
    e107 e107 0.6_12
    e107 e107 0.6_13
    e107 e107 0.6_14
    e107 e107 0.6_15
    e107 e107 0.6_15a
    e107 e107 0.600
    e107 e107 0.601
    e107 e107 0.602
    e107 e107 0.603
    e107 e107 0.604
    e107 e107 0.605
    e107 e107 0.606
    e107 e107 0.607
    e107 e107 0.608
    e107 e107 0.609
    e107 e107 0.610
    e107 e107 0.611
    e107 e107 0.612
    e107 e107 0.613
    e107 e107 0.614
    e107 e107 0.615
    e107 e107 0.615a
    e107 e107 0.616
    e107 e107 0.617
    e107 e107 0.6171
    e107 e107 0.6172
    e107 e107 0.6173
    e107 e107 0.6174
    e107 e107 0.6175
    e107 e107 0.7
    e107 e107 0.7.1
    e107 e107 0.7.2
    e107 e107 0.7.3
    e107 e107 0.7.4
    e107 e107 0.7.5