Vulnerability Description
Multiple "potential" SQL injection vulnerabilities in e107 0.7 might allow remote attackers to execute arbitrary SQL commands via (1) the email, hideemail, image, realname, signature, timezone, and xupexist parameters in signup.php, (2) the content_comment, content_rating, and content_summary parameters in subcontent.php, (3) the download_category and file_demo in upload.php, and (4) the email, hideemail, user_timezone, and user_xup parameters in usersettings.php.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| E107 | E107 | 0.7 |
References
- http://glide.stanford.edu/yichen/research/sec.pdf
- http://secunia.com/advisories/18023/Vendor Advisory
- http://www.osvdb.org/21657
- http://www.osvdb.org/21658
- http://www.osvdb.org/21659
- http://www.osvdb.org/21660
- http://www.securityfocus.com/archive/1/419280/100/0/threaded
- http://www.securityfocus.com/archive/1/419487/100/0/threaded
- http://www.vupen.com/english/advisories/2005/2861
- http://glide.stanford.edu/yichen/research/sec.pdf
- http://secunia.com/advisories/18023/Vendor Advisory
- http://www.osvdb.org/21657
- http://www.osvdb.org/21658
- http://www.osvdb.org/21659
- http://www.osvdb.org/21660
FAQ
What is CVE-2005-4224?
CVE-2005-4224 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple "potential" SQL injection vulnerabilities in e107 0.7 might allow remote attackers to execute arbitrary SQL commands via (1) the email, hideemail, image, realname, signature, timezone, and xu...
How severe is CVE-2005-4224?
CVE-2005-4224 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-4224?
Check the references section above for vendor advisories and patch information. Affected products include: E107 E107.