Static code injection vulnerability in install_.php in e107 CMS 0.7.24 and probably earlier versions, when the installation script is not removed, allows remote attackers to inject arbitrary PHP code into e107_config.php via a crafted MySQL server name.
References
Configurations
Configuration 1 (hide)
|
Information
Published : 2011-11-04 14:55
Updated : 2017-08-16 18:34
NVD link : CVE-2011-1513
Mitre link : CVE-2011-1513
JSON object : View
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Products Affected
e107
- e107