Multiple SQL injection vulnerabilities in the admin section in e107 0.7.5 allow remote authenticated administrative users to execute arbitrary SQL commands via the (1) linkopentype, (2) linkrender, (3) link_class, and (4) link_id parameters in (a) links.php; the (5) searchquery parameter in (b) users.php; and the (6) download_category_class parameter in (c) download.php. NOTE: an e107 developer has disputed the significance of the vulnerability, stating that "If your admins are injecting you, you might want to reconsider their access."
Max CVSS: 4.6; EPSS Score: 0.20%; Published: 2006-09-13; Updated: 2018-10-17
SQL injection vulnerability in e107 before 0.7.5 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.
Max CVSS: 6.4; EPSS Score: 0.39%; Published: 2006-05-25; Updated: 2011-03-08
SQL injection vulnerability in class2.php in e107 0.7.2 and earlier allows remote attackers to execute arbitrary SQL commands via a cookie as defined in $pref['cookie_name'].
Max CVSS: 5.1; EPSS Score: 2.85%; Published: 2006-05-16; Updated: 2018-10-18
3 vulnerabilities found