Description

Incomplete blacklist vulnerability in usersettings.php in e107 0.7.20 and earlier allows remote attackers to conduct SQL injection attacks via the loginname parameter.

Remediation

References

CVE-2010-2098

Related Vulnerabilities

WordPress Plugin Contact Form by BestWebSoft Cross-Site Scripting (3.95)

Plone CMS CVE-2011-2528 Vulnerability (CVE-2011-2528)

WordPress Plugin Checklist Cross-Site Scripting (1.1.5)

PHP Uncontrolled Resource Consumption Vulnerability (CVE-2011-3336)

WordPress Plugin Elementor Website Builder Security Bypass (3.0.13)

Severity

High

Classification

CVE-2010-2098

Tags

Missing Update Known Vulnerabilities