Summary
This host is running e107 and is prone to remote SQL injection vulnerability.
Impact
Successful exploitation could allow an attacker to compromise the application, access or modify data in the underlying database.
Impact Level: Application
Solution
Upgrade to e107 version 0.7.22 or later,
For updates refer to http://e107.org/edownload.php
Insight
The flaw exists in newuser.php file, which does not validate user input data in the alternate_profiles via the id parameter.
Affected
e107 version 0.7.13, alternate_profiles plugin on all running platform
References
Updated on 2017-03-28
Severity
Classification
-
CVE CVE-2008-4785 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities