Description

Incomplete blacklist vulnerability in usersettings.php in e107 0.7.20 and earlier allows remote attackers to conduct SQL injection attacks via the loginname parameter.

Remediation

References

CVE-2010-2098

Related Vulnerabilities

Ext JS Server-Side Request Forgery (SSRF) Vulnerability (CVE-2007-6758)

WordPress Plugin Import Social Events Cross-Site Scripting (1.6.6)

MySQL CVE-2016-5612 Vulnerability (CVE-2016-5612)

WordPress Plugin Frontier Post Security Bypass (1.3.2)

MongoDb Incorrect Comparison Vulnerability (CVE-2019-20925)

Severity

High

Classification

CVE-2010-2098

Tags

Missing Update Known Vulnerabilities