FreeBSD : e107 -- code execution and XSS vulnerabilities (a4746a86-4c89-11df-83fb-0015587e2cc1)
Medium Nessus Plugin ID 45586
The remote FreeBSD host is missing a security-related update.
Secunia Research reported two vulnerabilities in e107: The first problem affects installations that have the Content Manager plugin enabled. This plugin does not sanitize the 'content_heading' parameter correctly and is therefore vulnerable to a cross-site scripting attack. The second vulnerability is related to the avatar upload functionality. Images containing PHP code can be uploaded and executed.