Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.8
CVE Id: CVE-2011-4946
Last Modified: 03 Sep 2012 02:18:18
Published: 31 Aug 2012 06:55:01
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2011-4946

Summary

SQL injection vulnerability in e107_admin/users_extended.php in e107 before 0.7.26 allows remote attackers to execute arbitrary SQL commands via the user_field parameter.

Vulnerable Systems

Application

  • E107 0.7.0

  • E107 0.7.1

  • E107 0.7.10

  • E107 0.7.11

  • E107 0.7.12

  • E107 0.7.13

  • E107 0.7.14

  • E107 0.7.15

  • E107 0.7.16

  • E107 0.7.17

  • E107 0.7.18

  • E107 0.7.19

  • E107 0.7.2

  • E107 0.7.20

  • E107 0.7.21

  • E107 0.7.22

  • E107 0.7.24

  • E107 0.7.3

  • E107 0.7.4

  • E107 0.7.5

  • E107 0.7.6

  • E107 0.7.7

  • E107 0.7.8

  • E107 0.7.9


References

MISC - https://www.htbridge.com/advisory/multiple_vulnerabilities_in_e107_1.html

XF - e107-usersextended-sql-injection(68061)

OSVDB - 73120

MLIST - [oss-security] 20120328 Re: CVE-request: e107 HTB23004

MLIST - [oss-security] 20120328 CVE-request: e107 HTB23004

SECUNIA - 44968

CONFIRM - http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.7/e107_admin/users_extended.php?r1=12225&r2=12306

CONFIRM - http://e107.org/svn_changelog.php?version=0.7.26


Last Updated: 27 May 2016 11:00:26