Description
Multiple SQL injection vulnerabilities in e107 0.615 allow remote attackers to inject arbitrary SQL code and gain sensitive information via (1) content parameter to content.php, (2) content_id parameter to content.php, or (3) list parameter to news.php.
Remediation
References
Related Vulnerabilities
SharePoint CVE-2020-17118 Vulnerability (CVE-2020-17118)
Plone CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-5491)
Roundcube Improper Privilege Management Vulnerability (CVE-2017-8114)
PHP Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2014-5459)