Vendor: e107
By: Unknown
CVSS: 7.5 (HIGH)
Cross-Site Scripting (XSS), HTML Injection, File Inclusion, SQL Injection
CWE: 79, 94, 98, 89
Product Name: e107
Affected Version From: e107 version 0.615 (possibly earlier versions as well)
Affected Version To: Unknown
Patch Exists: Unknown
Related CWE: Not provided
CPE: a:e107:e107
Metasploit:
Other Scripts:
Platforms Tested: Unknown
Unknown

Multiple vulnerabilities in e107

e107 is prone to multiple cross-site scripting, HTML injection, file inclusion, and SQL injection vulnerabilities. This may compromise various security properties of a Web site running the software, including allowing remote attackers to execute malicious PHP code.

Mitigation:

Upgrade to a fixed version or apply patches when available. Avoid placing user input directly into queries, and sanitize all user-supplied input.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/10436/info

e107 is prone to multiple cross-site scripting, HTML injection, file inclusion, and SQL injection vulnerabilities. This may compromise various security properties of a Web site running the software, including allowing remote attackers to execute malicious PHP code.


http://www.example.com/e107_0615/usersettings.php?avmsg=[xss code here]