Summary
This host is running e107 and is prone to a remote SQL injection vulnerability.
Impact
Successful exploitation could allow an attacker to compromise the application and access or modify data in the underlying database.
Impact Level: Application
Solution
Upgrade to e107 version 0.7.22 or later.
For updates, refer to http://e107.org/edownload.php
Insight
The flaw exists in the newuser.php file of the alternate_profiles plugin, which does not validate user input supplied via the id parameter.
Affected
e107 version 0.7.13 with the alternate_profiles plugin, on all platforms
References
Updated on 2017-03-28
Severity
Classification
- CVE: CVE-2008-4785
- CVSS Base Score: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P