CVE-2006-4548
https://notcve.org/view.php?id=CVE-2006-4548
e107 0.75 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code via the tinyMCE_imglib_include image/jpeg parameter in e107_handlers/tiny_mce/plugins/ibrowser/ibrowser.php, as demonstrated by a multipart/form-data request. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in e107. e107 0.75 y anteriores no se asignan correctamente variables cuando los datos de entrada incluyen un parámetro numérico con un valor que empareja el valor del hash de un parámetro alfanumérico, lo que permite a un atacante remoto ejecutar código PHP de su elección a través del parámetro tinyMCE_imglib_include image/jpeg en e107_handlers/tiny_mce/plugins/ibrowser/ibrowser como se demostró por una petición a multipart/form-data. NOTA: podría ser discutido que esta vulnerabilidad se deba a un fallo en la desasignación del comando de PHP (CVE-2006-3017) y el arreglo apropiado debe estar en PHP; si es así entonces esto no se debe tratar como vulnerabilidad en e107. • http://retrogod.altervista.org/e107_075_xpl.html http://securityreason.com/securityalert/1497 http://www.securityfocus.com/archive/1/444644/100/0/threaded •
CVE-2006-3259 – e107 0.7.5 - 'search.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-3259
Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the (1) ep parameter to search.php and the (2) subject parameter in comment.php (aka the Subject field when posting a comment). Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en e107 v0.7.5, permiten a atacantes remotos inyectar secuencias de comandos Web o HTML de su elección a través de (1) el parámetro ep en search.php y (2) el parámetro subject de comment.php (también conocido como el campo Subject cuando se añade un comentario). • https://www.exploit-db.com/exploits/28063 https://www.exploit-db.com/exploits/28078 http://secunia.com/advisories/20727 http://securityreason.com/securityalert/1151 http://www.securityfocus.com/archive/1/437649/100/0/threaded http://www.securityfocus.com/bid/18508 http://www.securityfocus.com/bid/18560 http://www.vupen.com/english/advisories/2006/2460 https://exchange.xforce.ibmcloud.com/vulnerabilities/27240 https://exchange.xforce.ibmcloud.com/vulnerabilities/27242 •
CVE-2006-2590
https://notcve.org/view.php?id=CVE-2006-2590
SQL injection vulnerability in e107 before 0.7.5 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. • http://e107.org/comment.php?comment.news.788 http://secunia.com/advisories/20262 http://www.osvdb.org/25739 http://www.vupen.com/english/advisories/2006/1963 •
CVE-2006-2591
https://notcve.org/view.php?id=CVE-2006-2591
Unspecified vulnerability in e107 before 0.7.5 has unknown impact and remote attack vectors related to an "emailing exploit". • http://e107.org/comment.php?comment.news.788 http://secunia.com/advisories/20262 http://www.osvdb.org/25740 http://www.vupen.com/english/advisories/2006/1963 •
CVE-2006-2416
https://notcve.org/view.php?id=CVE-2006-2416
SQL injection vulnerability in class2.php in e107 0.7.2 and earlier allows remote attackers to execute arbitrary SQL commands via a cookie as defined in $pref['cookie_name']. • http://secunia.com/advisories/20089 http://securityreason.com/securityalert/905 http://www.osvdb.org/25521 http://www.securityfocus.com/archive/1/433938/100/0/threaded http://www.securityfocus.com/bid/17966 http://www.vupen.com/english/advisories/2006/1802 https://exchange.xforce.ibmcloud.com/vulnerabilities/26434 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •