Description
e107 2.1.1 allows SQL injection by remote authenticated administrators via the pagelist parameter to e107_admin/menus.php, related to the menuSaveVisibility function.
Remediation
References
Related Vulnerabilities
PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-3412)
WordPress Plugin Ad Inserter-Ad Manager & AdSense Ads Cross-Site Scripting (1.5.5)
WordPress Plugin Social Sharing-Sassy Social Share Cross-Site Scripting (3.3.25)
WordPress 'press-this.php' Remote Security Bypass Vulnerability (0.7 - 3.1.1)