E107 SQL Injection Vulnerability
BID:17966
CVE-2006-2416
Info
| Bugtraq ID: | 17966 |
| Class: | Input Validation Error |
| CVE: | CVE-2006-2416 |
| Remote: | Yes |
| Local: | No |
| Published: | May 13 2006 12:00AM |
| Updated: | Feb 20 2007 08:28PM |
| Credit: | [email protected] is credited with the discovery of this vulnerability. |
| Vulnerable: | e107 e107 website system 0.6171; e107 e107 website system 0.617; e107 e107 website system 0.616; e107 e107 website system 0.603; e107 e107 website system 0.555 Beta; e107 e107 website system 0.554; e107 e107 website system 0.545; e107 e107 website system 0.7.2; e107 e107 website system 0.7.1; e107 e107 website system 0.7; e107 e107 website system 0.6 15a; e107 e107 website system 0.6 15; e107 e107 website system 0.6 14; e107 e107 website system 0.6 13; e107 e107 website system 0.6 12; e107 e107 website system 0.6 11; e107 e107 website system 0.6 10; e107 e107 website system 0.6175 |
| Not Vulnerable: | |
Discussion
e107 is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied cookie data before using it in an SQL query.
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
Exploit / POC
This issue can be exploited through a web client.
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]