Description
SQL injection vulnerability in resetcore.php in e107 0.617 through 0.6173 allows remote attackers to execute arbitrary SQL commands, bypass authentication, and inject HTML or script via the (1) a_name parameter or (2) user field of the login page.
Remediation
References
Related Vulnerabilities
Atlassian Jira Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-8451)
WordPress Plugin Loco Translate Local File Inclusion (2.2.1)
WordPress Plugin Gantry 4 Framework Cross-Site Scripting (4.1.5)
WordPress Plugin Product Slider for WooCommerce by PickPlugins Cross-Site Scripting (1.13.41)
Nginx Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2019-9516)