CVE-2011-1513
Severity CVSS v4.0:
Pending analysis
Type:
CWE-78
OS Command Injections
Publication date:
04/11/2011
Last modified:
11/04/2025
Description
Static code injection vulnerability in install_.php in e107 CMS 0.7.24 and probably earlier versions, when the installation script is not removed, allows remote attackers to inject arbitrary PHP code into e107_config.php via a crafted MySQL server name.
Impact
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:e107:e107:*:*:*:*:*:*:*:* | 0.7.24 (including) | |
| cpe:2.3:a:e107:e107:0.7:*:*:*:*:*:*:* | ||
| cpe:2.3:a:e107:e107:0.7.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:e107:e107:0.7.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:e107:e107:0.7.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:e107:e107:0.7.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:e107:e107:0.7.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:e107:e107:0.7.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:e107:e107:0.7.6:*:*:*:*:*:*:* | ||
| cpe:2.3:a:e107:e107:0.7.7:*:*:*:*:*:*:* | ||
| cpe:2.3:a:e107:e107:0.7.8:*:*:*:*:*:*:* | ||
| cpe:2.3:a:e107:e107:0.7.9:*:*:*:*:*:*:* | ||
| cpe:2.3:a:e107:e107:0.7.10:*:*:*:*:*:*:* | ||
| cpe:2.3:a:e107:e107:0.7.11:*:*:*:*:*:*:* | ||
| cpe:2.3:a:e107:e107:0.7.12:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.8/install_.php?r1=11931&r2=12376&pathrev=12376
- http://www.coresecurity.com/content/e107-cms-script-command-injection
- http://www.securityfocus.com/bid/50339
- https://exchange.xforce.ibmcloud.com/vulnerabilities/70921
- http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.8/install_.php?r1=11931&r2=12376&pathrev=12376
- http://www.coresecurity.com/content/e107-cms-script-command-injection
- http://www.securityfocus.com/bid/50339
- https://exchange.xforce.ibmcloud.com/vulnerabilities/70921