← back
CVE-2011-1513

CVE-2011-1513

EPSS 5.8%
Static code injection vulnerability in install_.php in e107 CMS 0.7.24 and probably earlier versions, when the installation script is not removed, allows remote attackers to inject arbitrary PHP code into e107_config.php via a crafted MySQL server name.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/36252unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.8/install_.php?r1=11931&r2=12376&pathrev=12376https://exchange.xforce.ibmcloud.com/vulnerabilities/70921http://www.coresecurity.com/content/e107-cms-script-command-injectionhttp://www.securityfocus.com/bid/50339