Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2005-4224 | First vendor Publication | 2005-12-14 |
Vendor | Cve | Last vendor Modification | 2018-10-19 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Multiple "potential" SQL injection vulnerabilities in e107 0.7 might allow remote attackers to execute arbitrary SQL commands via (1) the email, hideemail, image, realname, signature, timezone, and xupexist parameters in signup.php, (2) the content_comment, content_rating, and content_summary parameters in subcontent.php, (3) the download_category and file_demo in upload.php, and (4) the email, hideemail, user_timezone, and user_xup parameters in usersettings.php. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4224 |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
21660 | e107 usersettings.php Multiple Parameter SQL Injection e107 contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the usersettings.php script not properly sanitizing user-supplied input to the 'email', 'hideemail', 'user_timezone' and 'user_xup' variables. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
21659 | e107 upload.php Multiple Parameter SQL Injection e107 contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the upload.php script not properly sanitizing user-supplied input to the 'download_category' and 'file_demo' variables. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
21658 | e107 subcontent.php Multiple Parameter SQL Injection e107 contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the subcontent.php script not properly sanitizing user-supplied input to the 'content_comment', 'content_rating', and 'content_summary' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
21657 | e107 signup.php Multiple Parameter SQL Injection e107 contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the signup.php script not properly sanitizing user-supplied input to the 'email', 'hideemail', 'image', 'realname', 'signature', 'timezone', and 'xupexist' variables. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2021-05-04 12:03:25 |
|
2021-04-22 01:03:43 |
|
2020-05-23 00:17:06 |
|
2018-10-19 21:19:42 |
|
2016-06-28 15:28:27 |
|
2016-04-26 14:02:59 |
|
2013-05-11 11:37:09 |
|