Description

Multiple SQL injection vulnerabilities in e107 0.615 allow remote attackers to inject arbitrary SQL code and gain sensitive information via (1) content parameter to content.php, (2) content_id parameter to content.php, or (3) list parameter to news.php.

Remediation

References

CVE-2004-2042

Related Vulnerabilities

SharePoint CVE-2020-17118 Vulnerability (CVE-2020-17118)

Plone CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-5491)

Roundcube Improper Privilege Management Vulnerability (CVE-2017-8114)

Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-34258)

PHP Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2014-5459)

Severity

High

Classification

CVE-2004-2042

Tags

Missing Update Known Vulnerabilities