e107 Other Vulnerability - CVE-2006-4757

Multiple SQL injection vulnerabilities in the admin section in e107 0.7.5 allow remote authenticated administrative users to execute arbitrary SQL commands via the (1) linkopentype (2) linkrender (3) link_class and (4) link_id parameters in (a) links.php the (5) searchquery parameter in (b) users.php and the (6) download_category_class parameter in (c) download.php. NOTE: an e107 developer has disputed the significance of the vulnerability stating that quotIf your admins are injecting you you might want to reconsider their access.quot