Vulnerability Details : CVE-2006-4757
Multiple SQL injection vulnerabilities in the admin section in e107 0.7.5 allow remote authenticated administrative users to execute arbitrary SQL commands via the (1) linkopentype, (2) linkrender, (3) link_class, and (4) link_id parameters in (a) links.php; the (5) searchquery parameter in (b) users.php; and the (6) download_category_class parameter in (c) download.php. NOTE: an e107 developer has disputed the significance of the vulnerability, stating that "If your admins are injecting you, you might want to reconsider their access."
Vulnerability category: Sql Injection
Products affected by CVE-2006-4757
- cpe:2.3:a:e107:e107:*:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.545:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.603:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.6_10:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.6_11:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.554:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.555_beta:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.6_15a:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.6_12:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.6_13:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.6_14:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.6_15:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.610:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.615:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.615a:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.611:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.612:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.613:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.614:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.616:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.549_beta:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.551_beta:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.554_beta:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.607:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.608:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.547_beta:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.548_beta:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.600:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.601:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.602:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.609:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.617:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.604:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.552_beta:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.553_beta:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.605:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.606:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.6172:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.6171:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.6174:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.7:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.6173:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.6175:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.7.4:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-4757
0.20%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 57 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2006-4757
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.6
|
MEDIUM | AV:N/AC:H/Au:S/C:P/I:P/A:P |
3.9
|
6.4
|
NIST |
References for CVE-2006-4757
Jump to