Description
Static code injection vulnerability in install_.php in e107 CMS 0.7.24 and probably earlier versions, when the installation script is not removed, allows remote attackers to inject arbitrary PHP code into e107_config.php via a crafted MySQL server name.
Remediation
References
Related Vulnerabilities
WordPress Plugin PowerPress Podcasting by Blubrry Arbitrary File Upload (8.3.7)
Joomla CVE-2006-4469 Vulnerability (CVE-2006-4469)
WordPress Plugin Minimal Coming Soon & Maintenance Mode-Coming Soon Page Security Bypass (1.87)
XWiki Improper Encoding or Escaping of Output Vulnerability (CVE-2022-23620)
WordPress Plugin YITH WooCommerce Compare Security Bypass (2.3.13)