CVE-2006-4757

Name of the Vulnerable Software and Affected Versions e107 version 0.7.5

Description The issue concerns SQL injection vulnerabilities in the admin section, allowing remote authenticated administrative users to execute arbitrary SQL commands. This is possible via specific parameters in various PHP files, including linkopentype, linkrender, link class, and link id in links.php, searchquery in users.php, and download category class in download.php.

Recommendations For e107 version 0.7.5, consider restricting access to the admin section and limiting the privileges of administrative users to minimize the risk of exploitation. As a temporary workaround, avoid using the vulnerable parameters linkopentype, linkrender, link class, link id, searchquery, and download category class in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.