e107 resetcore.php SQL Injection

Summary
The remote web server contains a PHP script that is prone to a SQL injection attack. Description : The remote host appears to be running e107, a web content management system written in PHP. There is a flaw in the version of e107 on the remote host such that anyone can injection SQL commands through the 'resetcore.php' script which may be used to gain administrative access trivially.
Solution
Upgrade to e107 version 0.6173 or later.