Title: e107 Forum_post.PHP Arbitrary Post Creation Vulnerability
Severity: MODERATE
Description:
e107 is a web-based content management system written in PHP.
e107 is prone to an input validation vulnerability. This issue is due to a lack of proper sanitization of user-supplied input before using it in an SQL query.
The vulnerability allows an attacker to create posts in non-existent forums. The attacker may manipulate the 'nt' field of the 'forum_post.php' script to create a new topic, and inject data into the underlying database without the proper permissions.
Successful exploitation of this issue will permit an attacker to create arbitrary forum message posts.
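The server-side checks whose absence is described above, as an added example (not e107's code or its actual fix). The table names, the `min_class` permission column and the `createTopic` function are hypothetical, and PDO with an in-memory SQLite database is assumed.

```php
<?php
// Added example: hypothetical schema and names, not e107's own code.
declare(strict_types=1);

function createTopic(PDO $db, array $user, $rawForumId, string $subject, string $body): int
{
    // 1. The forum id from the request must be a plain positive integer.
    $forumId = filter_var($rawForumId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($forumId === false) {
        throw new InvalidArgumentException('malformed forum id');
    }
    // 2. The forum must exist; look it up with a bound parameter.
    $stmt = $db->prepare('SELECT min_class FROM forum WHERE forum_id = :id');
    $stmt->execute([':id' => $forumId]);
    $forum = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($forum === false) {
        throw new DomainException('no such forum');
    }
    // 3. The caller must be allowed to post in that forum.
    if ($user['class'] < (int) $forum['min_class']) {
        throw new DomainException('not permitted to post in this forum');
    }
    // 4. Only now write, again with bound parameters.
    $ins = $db->prepare(
        'INSERT INTO topic (forum_id, user_id, subject, body) VALUES (:f, :u, :s, :b)'
    );
    $ins->execute([':f' => $forumId, ':u' => $user['id'], ':s' => $subject, ':b' => $body]);
    return (int) $db->lastInsertId();
}

// Constructed demo data: forum 1 is open, forum 2 needs class 5, forum 999 does not exist.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE forum (forum_id INTEGER PRIMARY KEY, min_class INTEGER NOT NULL)');
$db->exec('CREATE TABLE topic (topic_id INTEGER PRIMARY KEY, forum_id INTEGER NOT NULL,
           user_id INTEGER, subject TEXT, body TEXT)');
$db->exec('INSERT INTO forum (forum_id, min_class) VALUES (1, 0), (2, 5)');

$member = ['id' => 7, 'class' => 1];
foreach (['1', '2', '999', 'abc'] as $requested) {
    try {
        $id = createTopic($db, $member, $requested, 'Hello', 'First post');
        echo "forum=$requested -> created topic $id\n";
    } catch (InvalidArgumentException | DomainException $e) {
        echo "forum=$requested -> rejected: {$e->getMessage()}\n";
    }
}
```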
Affected Products:
- e107.org e107 website system 0.603.0
- e107.org e107 website system 0.616.0
- e107.org e107 website system 0.617.0
References:
- e107.org: e107 website system Homepage