e107 CMS 'download.php' Arbitrary Variable Overwrite Vulnerability

Bugtraq ID:	30601
Class:	Design Error
CVE:
Remote:	Yes
Local:	No
Published:	Aug 07 2008 12:00AM
Updated:	Aug 08 2008 05:16PM
Credit:	James Bercegay of the GulfTech Security Research Team
Vulnerable:	e107 e107 website system 0.7.11
Not Vulnerable:

e107 CMS 'download.php' Arbitrary Variable Overwrite Vulnerability

e107 CMS is prone to a vulnerability that lets attackers overwrite arbitrary variables.

Attackers can leverage this issue to launch SQL-injection attacks or to execute arbitrary PHP code. This may result in the compromise of the affected application.

e107 CMS 0.7.11 is vulnerable; other versions may also be affected.

NOTE: This BID was previously titled 'e107 CMS 'download.php' SQL Injection Vulnerability'. It has been updated to better reflect the nature of the vulnerability.

e107 CMS 'download.php' Arbitrary Variable Overwrite Vulnerability

Attackers can use a browser to exploit this issue.

e107 CMS 'download.php' Arbitrary Variable Overwrite Vulnerability

Solution:
Fixes have been committed to the e107 CVS repository. Please see the references for more information.

e107 CMS 'download.php' Arbitrary Variable Overwrite Vulnerability

References:

• e107 CMS Homepage (e107)
  
• e107 download.php rev 1.96 (e107)
  
• e107 <= 0.7.11 Arbitrary Variable Overwriting (GulfTech Security Research )