CVE-2006-3259

Name of the Vulnerable Software and Affected Versions e107 version 0.7.5

Description The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the ep parameter to "search.php" or the subject parameter in "comment.php", which is also known as the Subject field when posting a comment.

Recommendations For e107 version 0.7.5, consider restricting access to the "search.php" and "comment.php" scripts until a fix is available, and avoid using the ep and subject parameters in these scripts to minimize the risk of exploitation.