e107 Website System Forum_viewforum.PHP SQL Injection Vulnerability
BID:13576
Info
e107 Website System Forum_viewforum.PHP SQL Injection Vulnerability
| Bugtraq ID: | 13576 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 10 2005 12:00AM |
| Updated: | May 10 2005 12:00AM |
| Credit: | Discovered by Heintz. |
| Vulnerable: |
e107 e107 website system 0.617 |
| Not Vulnerable: | |
Discussion
e107 Website System Forum_viewforum.PHP SQL Injection Vulnerability
e107 Website System is prone to an SQL injection vulnerability. This vulnerability could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks.
e107 Website System is prone to an SQL injection vulnerability. This vulnerability could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks.
Exploit / POC
e107 Website System Forum_viewforum.PHP SQL Injection Vulnerability
An exploit is not required. The following example was provided:
http://www.example.com/forum_viewforum.php?5.[INJECTION]#
An exploit is not required. The following example was provided:
http://www.example.com/forum_viewforum.php?5.[INJECTION]#
Solution / Fix
e107 Website System Forum_viewforum.PHP SQL Injection Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
e107 Website System Forum_viewforum.PHP SQL Injection Vulnerability
References:
References:
- [core] multiple security vulnearabilities in e107 (e107.org)
- e107 website system Homepage (e107.org)