Description

Incomplete blacklist vulnerability in usersettings.php in e107 0.7.20 and earlier allows remote attackers to conduct SQL injection attacks via the loginname parameter.

Remediation

References

CVE-2010-2098

Related Vulnerabilities

WordPress Plugin Easy Comment Uploads 'upload.php' Arbitrary File Upload (0.61)

WordPress Plugin Visitor Traffic Real Time Statistics SQL Injection (3.8)

Artifactory Weak Password Requirements Vulnerability (CVE-2019-17444)

PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-2202)

WordPress Plugin Mingle Forum Multiple Cross-Site Scripting and SQL Injection Vulnerabilities (1.0.32.1)

Severity

High

Classification

CVE-2010-2098

Tags

Missing Update Known Vulnerabilities