PT-2009-1544 · E107 · E107 Echat Plugin

Published

2009-02-06

Updated

2018-10-11

CVE-2008-6069

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions e107 eChat plugin version 4.2

Description The issue allows remote attackers to execute arbitrary SQL commands. This is possible when the magic quotes gpc setting is disabled. The nick parameter is vulnerable to SQL injection.

Recommendations For e107 eChat plugin version 4.2, consider disabling the nick parameter in the e107chat.php file until a patch is available. Additionally, enabling magic quotes gpc can help mitigate this issue.

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2008-6069

Affected Products

E107 Echat Plugin

PT-2009-1544 · E107 · E107 Echat Plugin

CVE-2008-6069

Weakness Enumeration

Related Identifiers

Affected Products

References · 4