Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2416

Overview

Vulnerability Score 5.1 5.1
CVE Id CVE-2006-2416
Last Modified 08 Aug 2011 12:00:00
Published 16 May 2006 06:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-2416

Summary

SQL injection vulnerability in class2.php in e107 0.7.2 and earlier allows remote attackers to execute arbitrary SQL commands via a cookie as defined in $pref['cookie_name'].

Vulnerable Systems

Application

  • E107 0.545

  • E107 0.554

  • E107 0.555 Beta

  • E107 0.6 10

  • E107 0.6 11

  • E107 0.6 12

  • E107 0.6 13

  • E107 0.6 14

  • E107 0.6 15

  • E107 0.6 15a

  • E107 0.603

  • E107 0.616

  • E107 0.617

  • E107 0.6171

  • E107 0.6175

  • E107 0.7

  • E107 0.7.1

  • E107 0.7.2


References

OSVDB - 25521

SECUNIA - 20089

XF - e107-cookie-sql-injection(26434)

VUPEN - ADV-2006-1802

BID - 17966

BUGTRAQ - 20060513 SQL-Injection in e107 allows attacker to become a site admininstrator

SREASON - 905


Last Updated: 27 May 2016 10:42:28