Test ID: | 1.3.6.1.4.1.25623.1.0.20069 |
Category: | Web application abuses |
Title: | e107 resetcore.php SQL Injection |
Summary: | The remote web server contains a PHP script that is prone to a SQL injection attack. |
Description: | Summary: The remote web server contains a PHP script that is prone to a SQL injection attack. Vulnerability Insight: The remote host appears to be running e107, a web content management system written in PHP. There is a flaw in the version of e107 on the remote host such that anyone can inject SQL commands through the 'resetcore.php' script, which may be used to gain administrative access trivially. Solution: Upgrade to e107 version 0.6173 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2005-3521
BugTraq ID: 15125
http://www.securityfocus.com/bid/15125
Bugtraq: 20051018 e107 remote commands execution (Google Search)
http://marc.info/?l=bugtraq&m=112967223222966&w=2
http://www.osvdb.org/20070
http://securitytracker.com/id?1015069
http://secunia.com/advisories/17237/
XForce ISS Database: e107-resetcore-sql-injection(22780)
https://exchange.xforce.ibmcloud.com/vulnerabilities/22780 |
Copyright | Copyright (C) 2005 David Maciejak |