Description

Multiple "potential" SQL injection vulnerabilities in e107 0.7 might allow remote attackers to execute arbitrary SQL commands via (1) the email, hideemail, image, realname, signature, timezone, and xupexist parameters in signup.php, (2) the content_comment, content_rating, and content_summary parameters in subcontent.php, (3) the download_category and file_demo in upload.php, and (4) the email, hideemail, user_timezone, and user_xup parameters in usersettings.php.

Remediation

References

CVE-2005-4224

Related Vulnerabilities

WordPress Plugin Resize Image After Upload Cross-Site Request Forgery (1.8.5)

WordPress Plugin WooCommerce Product Attachment Cross-Site Scripting (1.1.2)

WordPress Plugin Arigato Autoresponder and Newsletter Multiple Unspecified Vulnerabilities (2.4.2)

ReviveAdserver Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2016-9127)

Apache Tomcat Other Vulnerability (CVE-2000-0759)

Severity

High

Classification

CVE-2005-4224

Tags

Missing Update Known Vulnerabilities