E107 BBCode Arbitrary PHP Code Execution Vulnerability Network Vulnerability

Summary

e107 is prone to a remote PHP code-execution vulnerability. An attacker can exploit this issue to inject and execute arbitrary malicious PHP code in the context of the webserver process. This may facilitate a compromise of the application and the underlying system other attacks are also possible. e107 version 0.7.20 and prior are affected.

References

http://e107.org/
http://www.php-security.org/2010/05/19/mops-2010-035-e107-bbcode-remote-php-code-execution-vulnerability/index.html
http://www.securityfocus.com/bid/40252

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-2099
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

ActivDesk Multiple Cross Site Scripting and SQL Injection Vulnerabilities
A-A-S Application Access Server Multiple Vulnerabilities
Apache Tomcat AJP Protocol Security Bypass Vulnerability
Advanced Guestbook Index.PHP SQL Injection Vulnerability
Atlassian JIRA Privilege Escalation and Multiple Cross Site Scripting Vulnerabilities

e107 BBCode Arbitrary PHP Code Execution Vulnerability

Take action and discover your vulnerabilities