E107 EasyShop Plugin Easyshop.php SQL Injection Vulnerability Network Vulnerability

Summary

This host is running e107 and is prone to SQL injection vulnerability.

Impact

Successful exploitation could allow remote attackers to execute arbitrary SQL commands. Impact Level: Application

Solution

Upgrade to e107 version 0.7.22 or later, For updates refer to http://e107.org/edownload.php

Insight

The flaw exists due to easyshop.php file in the EasyShop plugin, which can be exploited to conduct SQL injection by using execute commands via the category_id parameter.

Affected

e107 version 0.7.13, EasyShop Plugin.

References

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4786

Updated on 2017-03-28

Severity

Classification

CVE CVE-2008-4786
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

AjaXplorer zoho plugin Directory Traversal Vulnerability
ApPHP MicroBlog Remote Code Execution Vulnerability
Apache Tomcat AJP Protocol Security Bypass Vulnerability
Apple Safari PDF Javascript Security Bypass Bypass Vulnerability
Adobe ColdFusion Authentication Bypass Vulnerability

e107 EasyShop plugin easyshop.php SQL Injection Vulnerability

Take action and discover your vulnerabilities