CVE-2011-1513

Current Description

Static code injection vulnerability in install_.php in e107 CMS 0.7.24 and probably earlier versions, when the installation script is not removed, allows remote attackers to inject arbitrary PHP code into e107_config.php via a crafted MySQL server name.

Basic Data

Published: November 04, 2011
Last Modified: August 17, 2017
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-78
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 7.5
Severity: HIGH
Exploitability Score: 10.0
Impact Score: 6.4
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
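    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    | 2.3 | Application | E107 | E107 | 0.7 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | E107 | E107 | 0.7.0 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | E107 | E107 | 0.7.1 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | E107 | E107 | 0.7.2 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | E107 | E107 | 0.7.3 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | E107 | E107 | 0.7.4 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | E107 | E107 | 0.7.5 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | E107 | E107 | 0.7.6 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | E107 | E107 | 0.7.7 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | E107 | E107 | 0.7.8 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | E107 | E107 | 0.7.9 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | E107 | E107 | 0.7.10 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | E107 | E107 | 0.7.11 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | E107 | E107 | 0.7.12 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | E107 | E107 | 0.7.13 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | E107 | E107 | 0.7.14 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | E107 | E107 | 0.7.15 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | E107 | E107 | 0.7.16 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | E107 | E107 | 0.7.17 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | E107 | E107 | 0.7.18 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | E107 | E107 | 0.7.19 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | E107 | E107 | 0.7.20 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | E107 | E107 | 0.7.21 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | E107 | E107 | 0.7.22 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | E107 | E107 | * | * | * | * | * | * | * | * |  | 0.7.24 |  |  |
    | 2.3 | Application | E107 | E107 | 0.545 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | E107 | E107 | 0.547 | beta | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | E107 | E107 | 0.548 | beta | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | E107 | E107 | 0.549 | beta | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | E107 | E107 | 0.551 | beta | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | E107 | E107 | 0.552 | beta | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | E107 | E107 | 0.553 | beta | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | E107 | E107 | 0.554 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | E107 | E107 | 0.554 | beta | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | E107 | E107 | 0.555 | beta | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | E107 | E107 | 0.600 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | E107 | E107 | 0.601 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | E107 | E107 | 0.602 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | E107 | E107 | 0.603 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | E107 | E107 | 0.604 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | E107 | E107 | 0.605 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | E107 | E107 | 0.606 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | E107 | E107 | 0.607 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | E107 | E107 | 0.608 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | E107 | E107 | 0.609 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | E107 | E107 | 0.610 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | E107 | E107 | 0.611 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | E107 | E107 | 0.612 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | E107 | E107 | 0.613 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | E107 | E107 | 0.614 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | E107 | E107 | 0.615 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | E107 | E107 | 0.615a | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | E107 | E107 | 0.616 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | E107 | E107 | 0.617 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | E107 | E107 | 0.6171 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | E107 | E107 | 0.6172 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | E107 | E107 | 0.6173 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | E107 | E107 | 0.6174 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | E107 | E107 | 0.6175 | * | * | * | * | * | * | * |  |  |  |  |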

Vulnerable Software List

| Vendor | Product | Versions |
| E107 | E107 | *, 0.545, 0.547, 0.548, 0.549, 0.551, 0.552, 0.553, 0.554, 0.555, 0.600, 0.601, 0.602, 0.603, 0.604, 0.605, 0.606, 0.607, 0.608, 0.609, 0.610, 0.611, 0.612, 0.613, 0.614, 0.615, 0.615a, 0.616, 0.617, 0.6171, 0.6172, 0.6173, 0.6174, 0.6175, 0.7, 0.7.0, 0.7.1, 0.7.10, 0.7.11, 0.7.12, 0.7.13, 0.7.14, 0.7.15, 0.7.16, 0.7.17, 0.7.18, 0.7.19, 0.7.2, 0.7.20, 0.7.21, 0.7.22, 0.7.3, 0.7.4, 0.7.5, 0.7.6, 0.7.7, 0.7.8, 0.7.9 |

References

| Name | Source | URL | Tags |
| http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.8/install_.php?r1=11931&r2=12376&pathrev=12376 | CONFIRM | http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.8/install_.php?r1=11931&r2=12376&pathrev=12 | Patch |
| http://www.coresecurity.com/content/e107-cms-script-command-injection | MISC | http://www.coresecurity.com/content/e107-cms-script-command-injection | Exploit, Patch |
| 50339 | BID | http://www.securityfocus.com/bid/50339 | Exploit |
| e107-cmd-command-execution(70921) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/70921 |  |