Page 14 of 84 results (0.005 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Multiple "potential" SQL injection vulnerabilities in e107 0.7 might allow remote attackers to execute arbitrary SQL commands via (1) the email, hideemail, image, realname, signature, timezone, and xupexist parameters in signup.php, (2) the content_comment, content_rating, and content_summary parameters in subcontent.php, (3) the download_category and file_demo in upload.php, and (4) the email, hideemail, user_timezone, and user_xup parameters in usersettings.php. • http://glide.stanford.edu/yichen/research/sec.pdf http://secunia.com/advisories/18023 http://www.osvdb.org/21657 http://www.osvdb.org/21658 http://www.osvdb.org/21659 http://www.osvdb.org/21660 http://www.securityfocus.com/archive/1/419280/100/0/threaded http://www.securityfocus.com/archive/1/419487/100/0/threaded http://www.vupen.com/english/advisories/2005/2861 •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1

e107 0.6174 allows remote attackers to vote multiple times for a download via repeated requests to rate.php. • http://e107.org/e107_plugins/bugtrack/bugtrack.php?1625.show http://secunia.com/advisories/17890 http://www.securityfocus.com/archive/1/418577/100/0/threaded http://www.securityfocus.com/bid/15748 •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1

e107 0.6174 allows remote attackers to redirect users to other web sites via the download parameter in rate.php, which is used after a user submits a file download rating. NOTE: in the default installation, the e_BASE variable restricts the redirection to the same web site. • http://secunia.com/advisories/17890 http://securityreason.com/securityalert/229 http://www.securityfocus.com/archive/1/418577/100/0/threaded •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

game_score.php in e107 allows remote attackers to insert high scores via HTTP POST methods utilizing the $player_name, $player_score, and $game_name variables. • http://marc.info/?l=bugtraq&m=113141422014568&w=2 http://securityreason.com/securityalert/158 •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 2

SQL injection vulnerability in resetcore.php in e107 0.617 through 0.6173 allows remote attackers to execute arbitrary SQL commands, bypass authentication, and inject HTML or script via the (1) a_name parameter or (2) user field of the login page. • http://e107.org/news.php http://marc.info/?l=bugtraq&m=112967223222966&w=2 http://secunia.com/advisories/17237 http://securitytracker.com/id?1015069 http://www.osvdb.org/20070 http://www.securityfocus.com/bid/15125 https://exchange.xforce.ibmcloud.com/vulnerabilities/22780 •