7.5

CVE-2005-4224

EPSS 1.39%
Published 14.12.2005 11:03:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

Multiple "potential" SQL injection vulnerabilities in e107 0.7 might allow remote attackers to execute arbitrary SQL commands via (1) the email, hideemail, image, realname, signature, timezone, and xupexist parameters in signup.php, (2) the content_comment, content_rating, and content_summary parameters in subcontent.php, (3) the download_category and file_demo in upload.php, and (4) the email, hideemail, user_timezone, and user_xup parameters in usersettings.php.

Affected products Warnungen 0 Metrics 2 CWE 0 References 12

Data is provided by the National Vulnerability Database (NVD)

E107 ≫ E107 Version0.7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.39%	0.786

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://glide.stanford.edu/yichen/research/sec.pdf

http://www.securityfocus.com/archive/1/419280/100/0/threaded

http://www.securityfocus.com/archive/1/419487/100/0/threaded

http://secunia.com/advisories/18023/

Vendor Advisory

http://www.osvdb.org/21657

http://www.osvdb.org/21658

http://www.osvdb.org/21659

http://www.osvdb.org/21660

http://www.vupen.com/english/advisories/2005/2861

https://nvd.nist.gov/vuln/detail/CVE-2005-4224

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2005-4224

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2005-4224

EUVD