e107 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2011-1513)
Description
Static code injection vulnerability in install_.php in e107 CMS 0.7.24 and probably earlier versions, when the installation script is not removed, allows remote attackers to inject arbitrary PHP code into e107_config.php via a crafted MySQL server name.