e107 "keyword" SQL Injection Vulnerability


Description   An SQL injection vulnerability has been identified in e107. A remote attacker could exploit it to perform operations on the database via specially crafted requests. This vulnerability stems from a lack of sanitization of the "keyword" POST variable by the "e107_plugins/pm/pm.php" script. Exploit code is available.
     
Vulnerable Products   Vulnerable Software:
E107 (E107) -
     
Solution   No solution for the moment.
     
CVE  
     
References   - 0day.today : e107 <= 2.1.4 keyword Blind SQL Injection Exploit
http://0day.today/exploit/27276
     
Vulnerability Manager Detection   No
     
IPS Protection
ASQ Engine alarm   Available Since
SQL injection Prevention - POST : suspicious UPDATE statement in data   5.0.0
SQL injection Prevention - POST : suspicious SELECT statement in data   5.0.0
SQL injection Prevention - POST : suspicious DECLARE statement in data   5.0.0
SQL injection Prevention - POST : suspicious OPENROWSET statement in data   5.0.0
SQL injection Prevention - POST : suspicious OPENQUERY statement in data   5.0.0
SQL injection Prevention - POST : suspicious CAST statement in data   5.0.0
SQL injection Prevention - POST : suspicious EXEC statement in data   5.0.0
SQL injection Prevention - POST : suspicious CREATE statement in data   5.0.0
SQL injection Prevention - POST : suspicious INSERT statement in data   5.0.0
SQL injection Prevention - POST : suspicious DROP statement in data   5.0.0
SQL injection Prevention - POST : suspicious HAVING statement in data   5.0.0
SQL injection Prevention - POST : suspicious UNION statement in data   5.0.0
SQL injection Prevention - POST : suspicious OR statement in data   5.0.0
SQL injection Prevention - POST : possible version probing in data   5.0.0
     


 
 
 
 
 Risk level 
Moderate 

 Vulnerability First Public Report Date 
2017-03-10 

 Target Type 
Server 

 Possible exploit 
Remote