Zero-friction vulnerability management platform

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

CVE-2009-1409

CVE information

Published

13 years ago

Last Modified

5 years ago

CVSSv2.0 Severity

Medium

Impact Analysis

Description

SQL injection vulnerability in usersettings.php in e107 0.7.15 and earlier, when "Extended User Fields" is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the hide parameter, a different vector than CVE-2005-4224 and CVE-2008-5320..

CVSSv2.0 Score

Severity
Medium
Base Score
5.1/10
Exploit Score
4.9/10
Access Vector
Network
Access Complexity
High
Authentication Required
None
Impact Score
6.4/10
Confidentiality Impact
Partial
Availability Impact
Partial
Integrity Impact
Partial

Products Affected

CPE Affected Vulnerable Excluding Edit
cpe:2.3:a:e107:e107:0.551_beta:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:e107:e107:0.6175:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:e107:e107:0.616:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:e107:e107:0.7.10:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:e107:e107:0.6174:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:e107:e107:5.05:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:e107:e107:0.549_beta:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:e107:e107:0.615a:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:e107:e107:0.7.7:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:e107:e107:0.7.11:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:e107:e107:0.7.13:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:e107:e107:0.609:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:e107:e107:0.610:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:e107:e107:0.554:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:e107:e107:0.545:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:e107:e107:0.6_10:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:e107:e107:0.555_beta:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:e107:e107:0.6_15:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:e107:e107:0.607:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:e107:e107:0.6173:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:e107:e107:0.7.4:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:e107:e107:5.21:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:e107:e107:0.7.5:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:e107:e107:0.7.2:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:e107:e107:*:*:*:*:*:*:*:* No - -
cpe:2.3:a:e107:e107:5.4_beta6:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:e107:e107:1.0.1:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:e107:e107:0.553_beta:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:e107:e107:0.6_12:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:e107:e107:0.603:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:e107:e107:0.602:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:e107:e107:0.617:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:e107:e107:0.7:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:e107:e107:5.3_beta2:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:e107:e107:5.4_beta1:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:e107:e107:0.6_15a:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:e107:e107:5.4_beta3:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:e107:e107:5.4_beta4:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:e107:e107:0.7.9:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:e107:e107:0.547_beta:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:e107:e107:0.548_beta:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:e107:e107:0.601:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:e107:e107:0.600:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:e107:e107:0.611:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:e107:e107:0.6172:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:e107:e107:0.606:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:e107:e107:0.612:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:e107:e107:0.613:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:e107:e107:5.3_beta:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:e107:e107:5.2:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:e107:e107:5.4_beta5:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:e107:e107:0.554_beta:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:e107:e107:0.552_beta:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:e107:e107:0.6_14:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:e107:e107:0.6_13:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:e107:e107:0.605:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:e107:e107:0.604:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:e107:e107:0.614:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:e107:e107:0.615:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:e107:e107:0.608:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:e107:e107:0.7.6:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:e107:e107:0.7.1:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:e107:e107:0.7.8:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:e107:e107:0.6_11:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:e107:e107:0.7.3:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:e107:e107:5.04:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:e107:e107:5.1:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:e107:e107:0.6171:*:*:*:*:*:*:*
  Yes
- -