Description
Static code injection vulnerability in install_.php in e107 CMS 0.7.24 and probably earlier versions, when the installation script is not removed, allows remote attackers to inject arbitrary PHP code into e107_config.php via a crafted MySQL server name.
Remediation
References
Related Vulnerabilities
SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17305)
WordPress Plugin Super Interactive Maps for WordPress Arbitrary File Upload (1.9)
WordPress Plugin Church Admin 'id' Parameter Cross-Site Scripting (0.33.4.5)
MySQL CVE-2020-14575 Vulnerability (CVE-2020-14575)
WordPress Plugin WHOIS 'domain' Parameter Cross-Site Scripting (1.4.2.2)