Description
e107 2.1.1 allows SQL injection by remote authenticated administrators via the pagelist parameter to e107_admin/menus.php, related to the menuSaveVisibility function.
Remediation
References
Related Vulnerabilities
Grafana Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-12459)
Oracle Database Server CVE-2009-1969 Vulnerability (CVE-2009-1969)
Joomla! Core 1.0.x Multiple Cross-Site Scripting Vulnerabilities (1.0.0 - 1.0.10)
WordPress Plugin WP Design Maps & Places Cross-Site Scripting (1.2)