Secunia Security Advisory - Heintz has reported some vulnerabilities in e107, which can be exploited by malicious people to disclose sensitive information, conduct SQL injection attacks, and potentially bypass certain security restrictions and compromise a vulnerable system.
53b3628c4f1e5ac1d198dbe87800d2b762e1b4548915300919a7dc856652489e
----------------------------------------------------------------------
Want a new IT Security job?
Vacant positions at Secunia:
http://secunia.com/secunia_vacancies/
----------------------------------------------------------------------
TITLE:
e107 Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA15282
VERIFY ADVISORY:
http://secunia.com/advisories/15282/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Manipulation of data, Exposure of sensitive
information, System access
WHERE:
>From remote
SOFTWARE:
e107 0.x
http://secunia.com/product/1927/
DESCRIPTION:
Heintz has reported some vulnerabilities in e107, which can be
exploited by malicious people to disclose sensitive information,
conduct SQL injection attacks, and potentially bypass certain
security restrictions and compromise a vulnerable system.
1) Input passed to the "search_info[0][sfile]" parameter in
"search.php" isn't properly verified, before it is used to include
files. This may be exploited to include arbitrary files from external
and local resources.
2) Input passed to the "request.php" script isn't properly verified,
before it is used to view files. This can be exploited to disclose
the content of arbitrary files via directory traversal attacks.
Successful exploitation requires that downloads are handled by PHP.
Example:
http://[host]/request.php?../../[file]
3) Input passed to the "forum_viewforum.php" script isn't properly
sanitised before being used in a SQL query. This can be exploited to
manipulate SQL queries by injecting arbitrary SQL code.
Example:
http://[host]/forum_viewforum.php?5.[code]#
4) Some errors in the use of "extract()" may be exploited to
overwrite global arrays and gain administrative privileges.
The vulnerabilities have been reported in version 0.617. Other
versions may also be affected.
SOLUTION:
Edit the source code to ensure that input is properly sanitised.
Some vulnerabilities have reportedly been fixed in the CVS repository
and will be included in the upcoming 0.7 version.
PROVIDED AND/OR DISCOVERED BY:
Heintz
ORIGINAL ADVISORY:
http://e107.org/e107_plugins/bugtracker2/bugtracker2.php?0.bug.558
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed