e107 EasyShop plugin easyshop.php SQL Injection Vulnerability

Summary
This host is running e107 and is prone to an SQL injection vulnerability.
Impact
Successful exploitation could allow remote attackers to execute arbitrary SQL commands. Impact Level: Application
Solution
Upgrade to e107 version 0.7.22 or later. For updates, refer to http://e107.org/edownload.php
Insight
The flaw exists in the easyshop.php file of the EasyShop plugin, which can be exploited to conduct SQL injection and execute SQL commands via the category_id parameter.
Affected
e107 version 0.7.13, EasyShop Plugin.
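
A detection check for the injection point named under Insight, as an added example that is not part of the original advisory or the e107 project: it scans web access logs for requests to easyshop.php whose category_id is not a plain integer. The log lines are constructed, and both the /site/ directory and the assumption that category_id is normally numeric are illustrative.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in common log format (not real traffic).
# "/site/" is a placeholder directory; only the file name comes from the advisory.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /site/easyshop.php?category_id=4 HTTP/1.1" 200 5120
192.0.2.77 - - [01/Jan/2024:10:00:05 +0000] "GET /site/easyshop.php?category_id=4%27 HTTP/1.1" 200 812
192.0.2.77 - - [01/Jan/2024:10:00:09 +0000] "GET /site/easyshop.php?category_id=abc&category_id=7 HTTP/1.1" 200 812
192.0.2.10 - - [01/Jan/2024:10:00:12 +0000] "GET /news.php?category_id=x HTTP/1.1" 200 900
"""

REQUEST_RE = re.compile(
    r'^(?P<client>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[0-9.]+"'
)
# Assumption: a legitimate category_id is a short unsigned integer.
NUMERIC_ID = re.compile(r"[0-9]{1,10}")


def suspicious_requests(log_text):
    """Return (client, [bad values]) for easyshop.php hits with non-numeric category_id.

    Only the query string is inspected; POST bodies are not present in access logs.
    """
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        url = urlsplit(m.group("target"))
        if url.path.rsplit("/", 1)[-1].lower() != "easyshop.php":
            continue  # other scripts are out of scope for this advisory
        # parse_qs percent-decodes values and keeps repeated parameters
        values = parse_qs(url.query, keep_blank_values=True).get("category_id", [])
        bad = [v for v in values if not NUMERIC_ID.fullmatch(v)]
        if bad:
            findings.append((m.group("client"), bad))
    return findings


if __name__ == "__main__":
    for client, bad in suspicious_requests(SAMPLE_LOG):
        print(f"{client}: non-numeric category_id {bad!r}")
```

A hit means only that a request carried an unexpected value; whether the host is affected still depends on the installed e107 and EasyShop versions.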