James Bercegay has discovered a vulnerability in e107, which can be exploited by malicious people to conduct SQL injection attacks and compromise a vulnerable system.
The vulnerability is caused by the insecure use of the "extract()" function in download.php, which allows input passed via the POST method to overwrite arbitrary variables. This can be exploited to modify certain SQL statements and execute arbitrary PHP code.
The vulnerability is confirmed in version 0.7.11. Other versions may also be affected.
Solution: Update to version 0.7.24.
Provided and/or discovered by: James Bercegay, GulfTech Security Research Team
Original Advisory: http://www.gulftech.org/?node=research&article_id=00122-08072008
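The variable overwrite described above, as an added illustration that is not e107's code and not taken from the original advisory: calling extract() on request data replaces a variable the handler treats as trusted, shown next to a form that reads only the expected field and binds it as a parameter. The function names, table name, and POST fields are hypothetical, and the POST array is constructed sample input.

```php
<?php
// Added illustration; not e107's code. All names here are hypothetical.

// Constructed POST body: one expected field plus one key that happens to
// match the name of an internal variable in the handler.
$post = ['comment' => 'nice file', 'table' => 'OVERWRITTEN_BY_REQUEST'];

// Vulnerable pattern: extract() imports every request key into the local
// scope and, with the default EXTR_OVERWRITE, replaces existing variables.
function build_query_vulnerable(array $post): string
{
    $table   = 'download_comments';  // intended to be a trusted constant
    $comment = '';
    extract($post);                  // $table now comes from the request
    return "INSERT INTO $table (body) VALUES ('$comment')";
}

// Hardened pattern: read only the fields the handler expects, so internal
// variables are out of reach, and bind the value instead of interpolating it.
function build_query_hardened(array $post): array
{
    $table   = 'download_comments';
    $allowed = ['comment'];
    $input   = array_intersect_key($post, array_flip($allowed));
    $comment = (isset($input['comment']) && is_string($input['comment']))
        ? $input['comment']
        : '';
    // Returned as SQL text plus parameters, ready for a prepared statement.
    return ["INSERT INTO $table (body) VALUES (:body)", [':body' => $comment]];
}

// Show the two results side by side for the same constructed request.
echo "vulnerable: ", build_query_vulnerable($post), PHP_EOL;
[$sql, $params] = build_query_hardened($post);
echo "hardened:   ", $sql, ' ', json_encode($params), PHP_EOL;
```

Passing EXTR_SKIP to extract() protects variables that are already set, but a request can still define any variable the code forgot to initialise, so it is not a substitute for reading fields explicitly.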