Description

Incomplete blacklist vulnerability in usersettings.php in e107 0.7.20 and earlier allows remote attackers to conduct SQL injection attacks via the loginname parameter.

Remediation

References

CVE-2010-2098

Related Vulnerabilities

Apache Traffic Server Improper Input Validation Vulnerability (CVE-2018-1318)

Apache Traffic Server Improper Input Validation Vulnerability (CVE-2022-31779)

WordPress Plugin BackupBuddy Arbitrary File Download (8.7.4.1)

TYPO3 Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-11069)

Joomla! Core 3.x.x Cross-Site Request Forgery (3.7.0 - 3.9.18)

Severity

High

Classification

CVE-2010-2098

Tags

Missing Update Known Vulnerabilities