E107 BBCode Arbitrary PHP Code Execution Vulnerability Network Vulnerability

Summary

e107 is prone to a remote PHP code-execution vulnerability. An attacker can exploit this issue to inject and execute arbitrary malicious PHP code in the context of the webserver process. This may facilitate a compromise of the application and the underlying system other attacks are also possible. e107 version 0.7.20 and prior are affected.

References

http://e107.org/
http://www.php-security.org/2010/05/19/mops-2010-035-e107-bbcode-remote-php-code-execution-vulnerability/index.html
http://www.securityfocus.com/bid/40252

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-2099

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

ActualAnalyzer Lite 'ant' Cookie Parameter Remote Command Execution Vulnerability
ApPHP MicroBlog Remote Code Execution Vulnerability
Adiscon LogAnalyzer Multiple SQL Injection and XSS Vulnerabilities
AlienVault OSSIM Multiple Remote Code Execution Vulnerabilities
ATutor password reminder SQL injection

e107 BBCode Arbitrary PHP Code Execution Vulnerability

Take action and discover your vulnerabilities