e107 e107_cookie Parameter SQL Injection

Medium (Nessus Plugin ID 21555)

Synopsis

The remote web server contains a PHP script that is affected by a SQL injection vulnerability.

Description

The version of e107 installed on the remote host fails to sanitize input to the application-specific cookie used for authentication.
Provided PHP's 'magic_quotes_gpc' setting is disabled, a remote, unauthenticated attacker can leverage this issue to bypass authentication and generally manipulate SQL queries.

Solution

Upgrade to e107 version 0.7.4 or later.

See Also

https://www.securityfocus.com/archive/1/433938/30/0/threaded

http://www.nessus.org/u?4e869278

Plugin Details

Severity: Medium

ID: 21555

File Name: e107_cookie_sql_injection.nasl

Version: 1.26

Type: remote

Family: CGI abuses

Published: 5/15/2006

Updated: 6/5/2024

Configuration: Enable thorough checks

Supported Sensors: Nessus

Enable CGI Scanning: true

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: Medium

Base Score: 5.1

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:e107:e107

Required KB Items: www/e107

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Patch Publication Date: 5/4/2006

Vulnerability Publication Date: 5/13/2006

Reference Information

CVE: CVE-2006-2416

BID: 17966