CVE-2006-4757

Severity: Unknown
EPSS: 0.88%


CVE-2006-4757 is a vulnerability of currently unknown severity (no CVSS score has been assigned). It covers multiple SQL injection flaws in the admin section of e107 0.7.5 that are reachable only by authenticated administrative users; the affected scripts and parameters are listed in the Description below. EPSS estimates a 0.88% chance of exploitation in the next 30 days.

Description

Multiple SQL injection vulnerabilities in the admin section in e107 0.7.5 allow remote authenticated administrative users to execute arbitrary SQL commands via the (1) linkopentype, (2) linkrender, (3) link_class, and (4) link_id parameters in (a) links.php; the (5) searchquery parameter in (b) users.php; and the (6) download_category_class parameter in (c) download.php. NOTE: an e107 developer has disputed the significance of the vulnerability, stating that "If your admins are injecting you, you might want to reconsider their access."
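As an added example (not e107's code and not part of the NVD record), the following Python script contrasts the flaw class the description names with its hardened form, using an in-memory SQLite database. The table and column names (links, users, link_name, user_password) are constructed stand-ins, not e107's real schema. It covers the two parameter shapes the description lists: an integer-valued parameter such as link_id spliced directly into the query text, and a free-text parameter such as searchquery that is quoted but neither escaped nor bound. The sample data also shows why the developer's "if your admins are injecting you" remark understates the issue: the injected query reads a table the admin page never exposes.

```python
import sqlite3


def make_db():
    """Constructed in-memory stand-in for tables an admin page might query.
    Schema and rows are illustrative only; they are not e107's real schema."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE links (link_id INTEGER PRIMARY KEY, link_name TEXT, link_class INTEGER);
        CREATE TABLE users (user_id INTEGER PRIMARY KEY, user_name TEXT, user_password TEXT);
        INSERT INTO links VALUES (1, 'Home', 0), (2, 'Forums', 0), (3, 'Admin area', 254);
        INSERT INTO users VALUES (1, 'admin', 'hash-placeholder'),
                                 (2, 'alice', 'hash-placeholder-2');
        """
    )
    return conn


def fetch_link_vulnerable(conn, link_id):
    """Hypothetical vulnerable pattern: the request parameter is concatenated
    into the SQL text, so a value like '1 UNION SELECT ...' rewrites the query."""
    sql = "SELECT link_id, link_name FROM links WHERE link_id = " + link_id
    return conn.execute(sql).fetchall()


def fetch_link_safe(conn, link_id):
    """Hardened form: coerce to the expected type, then bind it as a parameter.
    Anything that is not an integer is rejected before it reaches the database."""
    try:
        lid = int(link_id)
    except (TypeError, ValueError):
        raise ValueError("link_id must be an integer") from None
    return conn.execute(
        "SELECT link_id, link_name FROM links WHERE link_id = ?", (lid,)
    ).fetchall()


def search_users_vulnerable(conn, searchquery):
    """Hypothetical vulnerable pattern for a free-text field: the value is
    placed inside quotes but never escaped, so a single quote breaks out."""
    sql = (
        "SELECT user_id, user_name FROM users WHERE user_name LIKE '%"
        + searchquery
        + "%'"
    )
    return conn.execute(sql).fetchall()


def search_users_safe(conn, searchquery):
    """Hardened form: the whole LIKE pattern is a bound parameter, and the
    wildcard characters % and _ are escaped so the admin's input can only
    ever match literal text, never change the pattern's structure."""
    escaped = (
        searchquery.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    )
    return conn.execute(
        "SELECT user_id, user_name FROM users WHERE user_name LIKE ? ESCAPE '\\'",
        ("%" + escaped + "%",),
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    # Constructed payloads: a UNION appended to the integer parameter, and a
    # quote-breakout for the free-text parameter.
    link_payload = "1 UNION SELECT user_id, user_password FROM users"
    search_payload = "' UNION SELECT user_id, user_password FROM users WHERE user_name LIKE '%"
    print("vulnerable link lookup:", fetch_link_vulnerable(db, link_payload))
    print("vulnerable user search:", search_users_vulnerable(db, search_payload))
    try:
        fetch_link_safe(db, link_payload)
    except ValueError as exc:
        print("safe link lookup rejected payload:", exc)
    print("safe user search:", search_users_safe(db, search_payload))
```

The same two fixes (type coercion plus binding for link_id, link_class and download_category_class; bound and wildcard-escaped patterns for searchquery) apply to every parameter the description lists. Binding alone is enough to stop injection; the wildcard escaping is a separate choice about whether an administrator's search text may act as a pattern.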

Metrics

EPSS Probability: 0.88% (54.5th percentile)

Probability of exploitation in the next 30 days.

Affected Software

Vendor  Product  Versions
E107    E107     <= 0.7.5
E107    E107     0.6_10
E107    E107     0.6_11
E107    E107     0.6_12
E107    E107     0.6_13
E107    E107     0.6_14
E107    E107     0.6_15
E107    E107     0.6_15a
E107    E107     0.7
E107    E107     0.7.1
E107    E107     0.7.2
E107    E107     0.7.3
E107    E107     0.7.4
E107    E107     0.545
E107    E107     0.547_beta
E107    E107     0.548_beta
E107    E107     0.549_beta
E107    E107     0.551_beta
E107    E107     0.552_beta
E107    E107     0.553_beta
E107    E107     0.554
E107    E107     0.554_beta
E107    E107     0.555_beta
E107    E107     0.600
E107    E107     0.601
E107    E107     0.602
E107    E107     0.603
E107    E107     0.604
E107    E107     0.605
E107    E107     0.606
E107    E107     0.607
E107    E107     0.608
E107    E107     0.609
E107    E107     0.610
E107    E107     0.611
E107    E107     0.612
E107    E107     0.613
E107    E107     0.614
E107    E107     0.615
E107    E107     0.615a
E107    E107     0.616
E107    E107     0.617
E107    E107     0.6171
E107    E107     0.6172
E107    E107     0.6173
E107    E107     0.6174
E107    E107     0.6175

References

Timeline

Published
Last Modified
Status: Modified

Frequently Asked Questions

What is CVE-2006-4757?
A set of SQL injection flaws in the admin section of e107 0.7.5, exploitable only by authenticated administrative users; the affected scripts (links.php, users.php, download.php) and parameters are listed in the Description above, together with the e107 developer's dispute of its significance.
How severe is CVE-2006-4757?
Severity scoring for CVE-2006-4757 is pending analysis. The EPSS model estimates a 0.88% probability of exploitation in the next 30 days.
How do I fix CVE-2006-4757?
The affected-software list covers e107 0.7.5 and all earlier versions; check the vendor's release history for a later version. Because every listed parameter is reachable only through an authenticated administrator's session, restrict administrative accounts to trusted users and treat admin-only input as untrusted in code review: a parameter spliced into SQL text grants raw database access, not just the actions the admin UI exposes.


Source: NVD / NIST