Description

SQL injection vulnerability in resetcore.php in e107 0.617 through 0.6173 allows remote attackers to execute arbitrary SQL commands, bypass authentication, and inject HTML or script via the (1) a_name parameter or (2) user field of the login page.

Remediation

References

CVE-2005-3521

Related Vulnerabilities

OpenVPN AS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-2061)

WordPress Plugin Popup by Supsystic Cross-Site Request Forgery (1.7.8)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-4307)

Craft CMS CVE-2024-21622 Vulnerability (CVE-2024-21622)

TYPO3 Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-7073)

Severity

High

Classification

CVE-2005-3521

Tags

Missing Update Known Vulnerabilities