Summary
e107 is prone to a remote PHP code-execution vulnerability.
An attacker can exploit this issue to inject and execute arbitrary malicious PHP code in the context of the webserver process. This may facilitate a compromise of the application and the underlying system
other attacks are also possible.
e107 version 0.7.20 and prior are affected.
References
Severity
Classification
-
CVE CVE-2010-2099 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- ActivDesk Multiple Cross Site Scripting and SQL Injection Vulnerabilities
- A-A-S Application Access Server Multiple Vulnerabilities
- Apache Tomcat AJP Protocol Security Bypass Vulnerability
- Advanced Guestbook Index.PHP SQL Injection Vulnerability
- Atlassian JIRA Privilege Escalation and Multiple Cross Site Scripting Vulnerabilities