Description

Multiple SQL injection vulnerabilities in e107 0.615 allow remote attackers to inject arbitrary SQL code and gain sensitive information via (1) content parameter to content.php, (2) content_id parameter to content.php, or (3) list parameter to news.php.

Remediation

References

CVE-2004-2042

Related Vulnerabilities

Oracle Database Server CVE-2014-4300 Vulnerability (CVE-2014-4300)

SugarCRM Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-17311)

WordPress Plugin Slimstat Analytics Cross-Site Scripting (2.8.4)

WordPress Plugin Tooltipy (tooltips for WP) Multiple Vulnerabilities (5.0.2)

WordPress Plugin Master Popups Remote Code Execution (1.0.0)

Severity

High

Classification

CVE-2004-2042

Tags

Missing Update Known Vulnerabilities