E107 Resetcore.php SQL Injection Network Vulnerability

Summary

The remote web server contains a PHP script that is prone to a SQL injection attack. Description : The remote host appears to be running e107, a web content management system written in PHP. There is a flaw in the version of e107 on the remote host such that anyone can injection SQL commands through the 'resetcore.php' script which may be used to gain administrative access trivially.

Solution

Upgrade to e107 version 0.6173 or later.

Severity

Classification

CVE CVE-2005-3521
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

AlstraSoft AskMe Pro 'forum_answer.php' and 'profile.php' Multiple SQL Injection Vulnerabilities
aflog Cookie-Based Authentication Bypass Vulnerability
Adobe ColdFusion Components (CFC) Denial Of Service Vulnerability
A Really Simple Chat Multiple SQL Injection Vulnerabilities
4psa Voipnow Local File Inclusion Vulnerability

e107 resetcore.php SQL Injection

Take action and discover your vulnerabilities