Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-3521

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-3521
Last Modified 05 Sep 2008 04:54:36
Published 06 Nov 2005 06:03:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-3521

Summary

SQL injection vulnerability in resetcore.php in e107 0.617 through 0.6173 allows remote attackers to execute arbitrary SQL commands, bypass authentication, and inject HTML or script via the (1) a_name parameter or (2) user field of the login page.

Vulnerable Systems

Application

  • E107 0.617

  • E107 0.6171

  • E107 0.6172


References

SECUNIA - 17237

CONFIRM - http://e107.org/news.php

XF - e107-resetcore-sql-injection(22780)

BID - 15125

SECTRACK - 1015069

BUGTRAQ - 20051018 e107 remote commands execution

OSVDB - 20070


Last Updated: 27 May 2016 10:40:57