Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
SQL injection vulnerability in usersettings.php in e107 0.7.15 and earlier, when "Extended User Fields" is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the hide parameter, a different vector than CVE-2005-4224 and CVE-2008-5320.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
e107 'usersettings.php'SQL注入漏洞
Vulnerability Description
e107是用php编写的内容管理系统。 e107的usersettings.php脚本没有正确地过滤对hide[]密钥所传送的输入,如果magic_quotes_gpc = off的话远程攻击者就可以通过提交恶意请求执行SQL注入攻击。以下是usersettings.php中的有漏洞代码段: 433 - 441行: if($ue_fields) { $hidden_fields = implode("^", array_keys($_POST[' hide' ])); <------ {1} if($hi
CVSS Information
N/A
Vulnerability Type
N/A