Description

SQL injection vulnerability in resetcore.php in e107 0.617 through 0.6173 allows remote attackers to execute arbitrary SQL commands, bypass authentication, and inject HTML or script via the (1) a_name parameter or (2) user field of the login page.

Remediation

References

CVE-2005-3521

Related Vulnerabilities

MySQL CVE-2016-5635 Vulnerability (CVE-2016-5635)

jQuery UI Tooltip Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-5312)

WordPress Plugin Salon booking system Cross-Site Scripting (7.9.3)

PHP CVE-2004-0542 Vulnerability (CVE-2004-0542)

WordPress Plugin Feedify Remote Code Execution (2.0.0)

Severity

High

Classification

CVE-2005-3521

Tags

Missing Update Known Vulnerabilities