e107 2.1.2: SQL Injection through Object Injection

2016-12-23T11:00:00
ID RIPSTECH:7905DA1273A757099DE3CE789B112E9A
Type ripstech
Reporter RIPS Technologies Blog
Modified 2016-12-23T11:00:00

Description

RIPS Analysis The e107 CMS consists of 317,356 lines of code and was analyzed in about 2 minutes. Many of the vulnerabilities found by RIPS are exploitable, despite a few exceptions. The main reason for this is that e107 contains a lot of unused code from previous releases and thus not all affected functions are reachable. Most of the SQL injection vulnerabilities are caused by missing quotes.