EUVD-2009-1407

Malware in sbrugna...

EUVD-2018-13300

Malware in sbrugna...

CVE-2009-1409

The CVE-2009-1409 entry describes an SQL injection in e107 (versions up to 0.7.15 and earlier) affecting usersettings.php when Extended User Fields is enabled and magic_quotes_gpc is disabled. An attacker can craft the hide parameter to execute arbitrary SQL commands remotely. The description spe...

CVE-2009-1409

SQL injection vulnerability in usersettings.php in e107 0.7.15 and earlier, when "Extended User Fields" is enabled and magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the hide parameter, a different vector than CVE-2005-4224 and CVE-2008-5320...

e107 0.7.15 - extended_user_fields Blind SQL Injection

e107 0.7.15 - extendeduserfields Blind SQL Injection !/usr/bin/env perl e107 dbUpdate"userextended", $uefields." WHERE userextendedid = '".intval$inp."'"; ue POST variable needs a valid key such as "aim","msn" or other userextendedfields @fields array. Fix this sql injection using php function...