CVE-2006-4757

Severity Score

4.6

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Multiple SQL injection vulnerabilities in the admin section in e107 0.7.5 allow remote authenticated administrative users to execute arbitrary SQL commands via the (1) linkopentype, (2) linkrender, (3) link_class, and (4) link_id parameters in (a) links.php; the (5) searchquery parameter in (b) users.php; and the (6) download_category_class parameter in (c) download.php. NOTE: an e107 developer has disputed the significance of the vulnerability, stating that "If your admins are injecting you, you might want to reconsider their access."

Múltiples vulnerabilidades de inyección SQL en la sección admin de e107 0.7.5 permite a los usuarios remotos validados ejecutar comandos SQL de su elección a través de los parámetros (1) linkopentype, (2) linkrender, (3) link_class, y (4) link_id en (a) links.php; el parámetro searchquery(5) en (b) users.php; y el parámetro (6) download_category_class en (c) download.php. NOTA: el desarrollador e107 ha discutido sobre el significado de la vulnerabilidad, indicando que “si tus administradores te están inyectando, tú deberías de reconsiderar su acceso".

*Credits: N/A

CVSS Scores

NISTv2 4.6

Attack Vector

Network

Attack Complexity

High

Authentication

Single

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2006-09-13 CVE Reserved
2006-09-13 CVE Published
2023-07-18 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (3)

URL	Tag	Source
http://e107.org/e107_plugins/bugtrack/bugtrack.php?id=3195&action=show	X_refsource_misc
http://securityreason.com/securityalert/1569	Third Party Advisory
http://www.securityfocus.com/archive/1/445005/100/100/threaded	Mailing List

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
E107 Search vendor "E107"		E107 Search vendor "E107" for product "E107"				<= 0.7.5 Search vendor "E107" for product "E107" and version " <= 0.7.5"		-		Affected
E107 Search vendor "E107"		E107 Search vendor "E107" for product "E107"				0.6_10 Search vendor "E107" for product "E107" and version "0.6_10"		-		Affected
E107 Search vendor "E107"		E107 Search vendor "E107" for product "E107"				0.6_11 Search vendor "E107" for product "E107" and version "0.6_11"		-		Affected
E107 Search vendor "E107"		E107 Search vendor "E107" for product "E107"				0.6_12 Search vendor "E107" for product "E107" and version "0.6_12"		-		Affected
E107 Search vendor "E107"		E107 Search vendor "E107" for product "E107"				0.6_13 Search vendor "E107" for product "E107" and version "0.6_13"		-		Affected
E107 Search vendor "E107"		E107 Search vendor "E107" for product "E107"				0.6_14 Search vendor "E107" for product "E107" and version "0.6_14"		-		Affected
E107 Search vendor "E107"		E107 Search vendor "E107" for product "E107"				0.6_15 Search vendor "E107" for product "E107" and version "0.6_15"		-		Affected
E107 Search vendor "E107"		E107 Search vendor "E107" for product "E107"				0.6_15a Search vendor "E107" for product "E107" and version "0.6_15a"		-		Affected
E107 Search vendor "E107"		E107 Search vendor "E107" for product "E107"				0.7 Search vendor "E107" for product "E107" and version "0.7"		-		Affected
E107 Search vendor "E107"		E107 Search vendor "E107" for product "E107"				0.7.1 Search vendor "E107" for product "E107" and version "0.7.1"		-		Affected
E107 Search vendor "E107"		E107 Search vendor "E107" for product "E107"				0.7.2 Search vendor "E107" for product "E107" and version "0.7.2"		-		Affected
E107 Search vendor "E107"		E107 Search vendor "E107" for product "E107"				0.7.3 Search vendor "E107" for product "E107" and version "0.7.3"		-		Affected
E107 Search vendor "E107"		E107 Search vendor "E107" for product "E107"				0.7.4 Search vendor "E107" for product "E107" and version "0.7.4"		-		Affected
E107 Search vendor "E107"		E107 Search vendor "E107" for product "E107"				0.545 Search vendor "E107" for product "E107" and version "0.545"		-		Affected
E107 Search vendor "E107"		E107 Search vendor "E107" for product "E107"				0.547_beta Search vendor "E107" for product "E107" and version "0.547_beta"		-		Affected
E107 Search vendor "E107"		E107 Search vendor "E107" for product "E107"				0.548_beta Search vendor "E107" for product "E107" and version "0.548_beta"		-		Affected
E107 Search vendor "E107"		E107 Search vendor "E107" for product "E107"				0.549_beta Search vendor "E107" for product "E107" and version "0.549_beta"		-		Affected
E107 Search vendor "E107"		E107 Search vendor "E107" for product "E107"				0.551_beta Search vendor "E107" for product "E107" and version "0.551_beta"		-		Affected
E107 Search vendor "E107"		E107 Search vendor "E107" for product "E107"				0.552_beta Search vendor "E107" for product "E107" and version "0.552_beta"		-		Affected
E107 Search vendor "E107"		E107 Search vendor "E107" for product "E107"				0.553_beta Search vendor "E107" for product "E107" and version "0.553_beta"		-		Affected
E107 Search vendor "E107"		E107 Search vendor "E107" for product "E107"				0.554 Search vendor "E107" for product "E107" and version "0.554"		-		Affected
E107 Search vendor "E107"		E107 Search vendor "E107" for product "E107"				0.554_beta Search vendor "E107" for product "E107" and version "0.554_beta"		-		Affected
E107 Search vendor "E107"		E107 Search vendor "E107" for product "E107"				0.555_beta Search vendor "E107" for product "E107" and version "0.555_beta"		-		Affected
E107 Search vendor "E107"		E107 Search vendor "E107" for product "E107"				0.600 Search vendor "E107" for product "E107" and version "0.600"		-		Affected
E107 Search vendor "E107"		E107 Search vendor "E107" for product "E107"				0.601 Search vendor "E107" for product "E107" and version "0.601"		-		Affected
E107 Search vendor "E107"		E107 Search vendor "E107" for product "E107"				0.602 Search vendor "E107" for product "E107" and version "0.602"		-		Affected
E107 Search vendor "E107"		E107 Search vendor "E107" for product "E107"				0.603 Search vendor "E107" for product "E107" and version "0.603"		-		Affected
E107 Search vendor "E107"		E107 Search vendor "E107" for product "E107"				0.604 Search vendor "E107" for product "E107" and version "0.604"		-		Affected
E107 Search vendor "E107"		E107 Search vendor "E107" for product "E107"				0.605 Search vendor "E107" for product "E107" and version "0.605"		-		Affected
E107 Search vendor "E107"		E107 Search vendor "E107" for product "E107"				0.606 Search vendor "E107" for product "E107" and version "0.606"		-		Affected
E107 Search vendor "E107"		E107 Search vendor "E107" for product "E107"				0.607 Search vendor "E107" for product "E107" and version "0.607"		-		Affected
E107 Search vendor "E107"		E107 Search vendor "E107" for product "E107"				0.608 Search vendor "E107" for product "E107" and version "0.608"		-		Affected
E107 Search vendor "E107"		E107 Search vendor "E107" for product "E107"				0.609 Search vendor "E107" for product "E107" and version "0.609"		-		Affected
E107 Search vendor "E107"		E107 Search vendor "E107" for product "E107"				0.610 Search vendor "E107" for product "E107" and version "0.610"		-		Affected
E107 Search vendor "E107"		E107 Search vendor "E107" for product "E107"				0.611 Search vendor "E107" for product "E107" and version "0.611"		-		Affected
E107 Search vendor "E107"		E107 Search vendor "E107" for product "E107"				0.612 Search vendor "E107" for product "E107" and version "0.612"		-		Affected
E107 Search vendor "E107"		E107 Search vendor "E107" for product "E107"				0.613 Search vendor "E107" for product "E107" and version "0.613"		-		Affected
E107 Search vendor "E107"		E107 Search vendor "E107" for product "E107"				0.614 Search vendor "E107" for product "E107" and version "0.614"		-		Affected
E107 Search vendor "E107"		E107 Search vendor "E107" for product "E107"				0.615 Search vendor "E107" for product "E107" and version "0.615"		-		Affected
E107 Search vendor "E107"		E107 Search vendor "E107" for product "E107"				0.615a Search vendor "E107" for product "E107" and version "0.615a"		-		Affected
E107 Search vendor "E107"		E107 Search vendor "E107" for product "E107"				0.616 Search vendor "E107" for product "E107" and version "0.616"		-		Affected
E107 Search vendor "E107"		E107 Search vendor "E107" for product "E107"				0.617 Search vendor "E107" for product "E107" and version "0.617"		-		Affected
E107 Search vendor "E107"		E107 Search vendor "E107" for product "E107"				0.6171 Search vendor "E107" for product "E107" and version "0.6171"		-		Affected
E107 Search vendor "E107"		E107 Search vendor "E107" for product "E107"				0.6172 Search vendor "E107" for product "E107" and version "0.6172"		-		Affected
E107 Search vendor "E107"		E107 Search vendor "E107" for product "E107"				0.6173 Search vendor "E107" for product "E107" and version "0.6173"		-		Affected
E107 Search vendor "E107"		E107 Search vendor "E107" for product "E107"				0.6174 Search vendor "E107" for product "E107" and version "0.6174"		-		Affected
E107 Search vendor "E107"		E107 Search vendor "E107" for product "E107"				0.6175 Search vendor "E107" for product "E107" and version "0.6175"		-		Affected