Description
e107 2.1.2 allows PHP Object Injection with resultant SQL injection, because usersettings.php uses unserialize without an HMAC.
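The missing control named above, an HMAC checked before `unserialize` runs, as an added example; this is not e107 code, and the function names, the token layout (`mac.base64payload`) and the sample data are assumptions made for illustration.

```php
<?php
// Added illustration, not e107's code. Hypothetical helpers: pack_signed(), unpack_signed().
// Assumption: $key is a server-side secret (32 random bytes) that never reaches the client.

function pack_signed(array $data, string $key): string
{
    $payload = serialize($data);
    $mac = hash_hmac('sha256', $payload, $key);
    return $mac . '.' . base64_encode($payload);
}

function unpack_signed(string $token, string $key): ?array
{
    $parts = explode('.', $token, 2);
    if (count($parts) !== 2) {
        return null;                       // malformed token
    }
    [$mac, $b64] = $parts;
    $payload = base64_decode($b64, true);  // strict mode rejects stray characters
    if ($payload === false) {
        return null;
    }
    // Authenticate the bytes before the deserializer ever sees them.
    $expected = hash_hmac('sha256', $payload, $key);
    if (!hash_equals($expected, $mac)) {   // constant-time comparison
        return null;
    }
    // Defense in depth: even authenticated data may not instantiate objects.
    $data = unserialize($payload, ['allowed_classes' => false]);
    return is_array($data) ? $data : null;
}

// Constructed sample input.
$key   = random_bytes(32);
$token = pack_signed(['user_id' => 7, 'email' => 'a@example.test'], $key);
var_dump(unpack_signed($token, $key));

// A client that alters the payload cannot produce a matching MAC without $key.
[$mac, ] = explode('.', $token, 2);
$altered = $mac . '.' . base64_encode(serialize(['user_id' => 1]));
var_dump(unpack_signed($altered, $key));
```

The first call returns the original array; the second returns `null` because the MAC no longer matches the altered payload, so `unserialize` is never reached.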
Remediation
References