https://www.exploit-db.com/exploits/24154
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200405-064

e107Website系统是一款网站构架/内容管理系统。e107Website系统存在多个输入验证错误问题，远程攻击者可以利用这些漏洞获得敏感信息或更改数据库信息。由于没有对用户提交的URI数据缺少充分过滤，攻击者可以进行路径泄露，跨站脚本执行，文件包含，SQL注入等攻击，导致敏感信息泄露，或直接修改数据库数据。

source: http://www.securityfocus.com/bid/10436/info
 
e107 is prone to multiple cross-site scripting, HTML injection, file inclusion, and SQL injection vulnerabilities. This may compromise various security properties of a Web site running the software, including allowing remote attackers to execute malicious PHP code.
 
- HTML injection in the "email article to a friend" and "submit news" pages.:

foobar'><body onload=alert(document.cookie);>

来源:XF
名称:e107-user-setting-xss(16281)
链接:http://xforce.iss.net/xforce/xfdb/16281
来源:XF
名称:e107-email-friend-xss(16280)
链接:http://xforce.iss.net/xforce/xfdb/16280
来源:XF
名称:e107-clock-menu-xss(16279)
链接:http://xforce.iss.net/xforce/xfdb/16279
来源:SECUNIA
名称:11740
链接:http://secunia.com/advisories/11740
来源:www.waraxe.us
链接:http://www.waraxe.us/index.php?modname=sa&id;=31
来源:BID
名称:10436
链接:http://www.securityfocus.com/bid/10436
来源:OSVDB
名称:6529
链接:http://www.osvdb.org/6529
来源:OSVDB
名称:6528
链接:http://www.osvdb.org/6528
来源:OSVDB
名称:6527
链接:http://www.osvdb.org/6527
来源:OSVDB
名称:6526
链接:http://www.osvdb.org/6526
来源:BUGTRAQ
名称:20040529[waraxe-2004-SA#031-Multiplevulnerabilitiesine107version0.615]
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=108588043007224&w;=2
来源:FULLDISC
名称:20040529[waraxe-2004-SA#031-Multiplevulnerabilitiesine107version0.615]
链接:http://marc.theaimsgroup.com/?l=full-disclosure&m;=108586723116427&w;=2