NI3
11-03-2003, 05:51 PM
hi all
----
TITLE:
e107 Page Denial of Service Vulnerability
SECUNIA ADVISORY ID:
SA10115
CRITICAL:
Less critical
IMPACT:
DoS
WHERE:
From remote
SOFTWARE:
e107 0.x
DESCRIPTION:
A vulnerability has been reported in E107, which can be exploited by
malicious users to prevent others from accessing certain pages.
The vulnerability is reportedly caused due to a validation error in
"Chatbox.php" when handling input supplied in the "Name:" field. This
can be exploited by including arbitrary script code, which will
result in some pages not being shown. Execution of script code is
reportedly not possible.
Successful exploitation requires that the "Chatbox.php" (tagboard) is
enabled.
The vulnerability has been reported in versions 0.545 and 0.603.
Other versions may also be affected.
SOLUTION:
Disable the "Chatbox.php" module.
REPORTED BY / CREDITS:
Blademaster
ORIGINAL ADVISORY:
E107 DoS Vulnerability:
---
bye
