e107 resetcore.php Change Arbitrary Theme

2003-08-04T12:36:01
ID OSVDB:3855
Type osvdb
Reporter OSVDB
Modified 2003-08-04T12:36:01

Description

Vulnerability Description

e107 contains a flaw that allows a remote attacker to access and use the resetcore.php script. This allows someone to change the theme of the CMS and alter the appearance of the site.

Solution Description

Upgrade to version 0.601 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

e107 contains a flaw that allows a remote attacker to access and use the resetcore.php script. This allows someone to change the theme of the CMS and alter the appearance of the site.

References:

Vendor URL: http://e107.org/ Vendor Specific Advisory URL