e107 resetcore.php SQL Injection
Information
Severity: High
Family: Web application abuses
CVSSv2 Base: 7.5
CVSSv2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Solution Type: Vendor Patch
Created: 18 years ago
Modified: 5 years ago
Summary
The remote web server contains a PHP script that is prone to a SQL injection attack.
Insight
The remote host appears to be running e107, a web content management system written in PHP. There is a flaw in the version of e107 on the remote host such that anyone can inject SQL commands through the 'resetcore.php' script, which may be used to gain administrative access trivially.
Solution
Upgrade to e107 version 0.6173 or later.