Description

SQL injection vulnerability in e107_admin/users_extended.php in e107 before 0.7.26 allows remote attackers to execute arbitrary SQL commands via the user_field parameter.

Remediation

References

CVE-2011-4946

Related Vulnerabilities

WordPress Plugin Quartz SQL Injection (1.01.1)

WordPress 3.8.x Cross-Domain Flash Injection Vulnerability (3.8 - 3.8.24)

WebLogic CVE-2019-2418 Vulnerability (CVE-2019-2418)

WordPress Plugin Flexible Checkout Fields for WooCommerce Security Bypass (2.3.1)

WordPress Plugin BrewMaster Multiple Cross-Site Scripting Vulnerabilities (1.0)

Severity

Medium

Classification

CVE-2011-4946 CWE-138

Tags

Missing Update Known Vulnerabilities