Description
e107 2.1.2 allows PHP Object Injection with resultant SQL injection, because usersettings.php uses unserialize without an HMAC.
Remediation
References
Related Vulnerabilities
ownCloud Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-2050)
JBoss EAP Cryptographic Issues Vulnerability (CVE-2014-0035)
WordPress Plugin Conditional Marketing Mailer for WooCommerce Cross-Site Request Forgery (1.5.2)
SugarCRM Incomplete List of Disallowed Inputs Vulnerability (CVE-2015-5946)