PT-2005-4912 · E107 · E107

Published

2005-12-14

·

Updated

2018-10-19

·

CVE-2005-4224

CVSS v2.0

7.5

High

Vector AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions e107 version 0.7
Description Multiple SQL injection vulnerabilities in e107 0.7 allow remote attackers to execute arbitrary SQL commands. User-supplied request parameters reach database queries without adequate escaping in four scripts: the email, hideemail, image, realname, signature, timezone, and xupexist parameters in signup.php; the content_comment, content_rating, and content_summary parameters in subcontent.php; the download_category and file_demo parameters in upload.php; and the email, hideemail, user_timezone, and user_xup parameters in usersettings.php. The CVSS vector (Au:N) reflects that no authentication is needed to reach the affected signup path, so an attacker can register an account while injecting into the INSERT that creates it.
Recommendations For e107 version 0.7, until a corrected release is applied, restrict access to signup.php, subcontent.php, upload.php, and usersettings.php at the web server or application level, since the affected parameters are ordinary form fields on those pages and cannot simply be omitted by users. The underlying fix is to stop building SQL from raw request values: pass each of the listed parameters (email, hideemail, image, realname, signature, timezone, xupexist, content_comment, content_rating, content_summary, download_category, file_demo, user_timezone, user_xup) through a parameterized query or the database escaping routine before it is used in any statement.
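The following is an added illustration of the mechanism described above and of the recommended fix; it is not e107's code. It models the signup.php case with SQLite standing in for MySQL, and the table name, column names, function names and the payload are all assumptions chosen for the demonstration. The unsafe function splices the realname field into the INSERT text, so a crafted value closes the string literal, supplies its own value for the next column and comments out the remainder; the safe function uses placeholders, so the same value is stored as an inert string.

```python
"""Model of the e107 0.7 signup.php SQL injection (CVE-2005-4224).

Added example, not e107's code. The schema, names and payload below are
assumptions made for illustration; SQLite stands in for MySQL.
"""
import sqlite3

# Constructed payload for the `realname` field: ends the string literal,
# supplies 1 for the following user_admin column, and comments out the rest.
PAYLOAD = "x', 1) --"


def new_db() -> sqlite3.Connection:
    """Fresh in-memory database with a minimal, assumed user table."""
    conn = sqlite3.connect(":memory:")
    conn.row_factory = sqlite3.Row
    conn.execute(
        "CREATE TABLE e107_user ("
        " user_id INTEGER PRIMARY KEY,"
        " user_name TEXT NOT NULL,"
        " user_email TEXT NOT NULL,"
        " user_realname TEXT,"
        " user_admin INTEGER NOT NULL DEFAULT 0)"
    )
    return conn


def _fetch(conn: sqlite3.Connection, user_name: str) -> dict:
    """Return the stored row for user_name as a plain dict."""
    row = conn.execute(
        "SELECT * FROM e107_user WHERE user_name = ?", (user_name,)
    ).fetchone()
    return dict(row)


def signup_unsafe(conn: sqlite3.Connection, user_name: str,
                  email: str, realname: str) -> dict:
    """Vulnerable pattern: request values are interpolated into the SQL text."""
    sql = (
        "INSERT INTO e107_user (user_name, user_email, user_realname, user_admin) "
        "VALUES ('%s', '%s', '%s', 0)" % (user_name, email, realname)
    )
    # With PAYLOAD the statement becomes:
    #   ... VALUES ('bob', 'bob@example.com', 'x', 1) --', 0)
    # so the attacker, not the application, chooses user_admin.
    conn.execute(sql)
    conn.commit()
    return _fetch(conn, user_name)


def signup_safe(conn: sqlite3.Connection, user_name: str,
                email: str, realname: str) -> dict:
    """Hardened pattern: placeholders; values never become part of the SQL text."""
    conn.execute(
        "INSERT INTO e107_user (user_name, user_email, user_realname, user_admin) "
        "VALUES (?, ?, ?, 0)",
        (user_name, email, realname),
    )
    conn.commit()
    return _fetch(conn, user_name)


if __name__ == "__main__":
    vuln = signup_unsafe(new_db(), "bob", "bob@example.com", PAYLOAD)
    fixed = signup_safe(new_db(), "bob", "bob@example.com", PAYLOAD)
    print("unsafe :", vuln["user_realname"], "admin =", vuln["user_admin"])
    print("safe   :", fixed["user_realname"], "admin =", fixed["user_admin"])
```

Running the module shows the injected row getting user_admin = 1 through the unsafe path, while the safe path stores the literal payload text with user_admin = 0. The same pattern applies to every parameter listed in the description: the fix is the query construction, not a blocklist of field names.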

Fix


Related Identifiers

CVE-2005-4224

Affected Products

E107