E107 Alternate_profiles Plugin Newuser.php SQL Injection Vulnerability Network Vulnerability

Summary

This host is running e107 and is prone to remote SQL injection vulnerability.

Impact

Successful exploitation could allow an attacker to compromise the application, access or modify data in the underlying database. Impact Level: Application

Solution

Upgrade to e107 version 0.7.22 or later, For updates refer to http://e107.org/edownload.php

Insight

The flaw exists in newuser.php file, which does not validate user input data in the alternate_profiles via the id parameter.

Affected

e107 version 0.7.13, alternate_profiles plugin on all running platform

References

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4785

Updated on 2017-03-28

Severity

Classification

CVE CVE-2008-4785
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Alcatel-Lucent OmniPCX Enterprise Remote Command Execution Vulnerability
AdMentor Login Flaw
Apache Archiva Multiple Remote Command Execution Vulnerabilities
Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
Apache Struts2 Redirection and Security Bypass Vulnerabilities

e107 alternate_profiles plugin newuser.php SQL Injection Vulnerability

Take action and discover your vulnerabilities