Description

SQL injection vulnerability in class2.php in e107 0.7.2 and earlier allows remote attackers to execute arbitrary SQL commands via a cookie as defined in $pref['cookie_name'].

Remediation

References

CVE-2006-2416

Related Vulnerabilities

Python Incorrect Authorization Vulnerability (CVE-2020-15801)

PHP Other Vulnerability (CVE-2007-4507)

WordPress Plugin The Plus Addons for Elementor Page Builder Lite Multiple Cross-Site Scripting Vulnerabilities (2.0.5)

WordPress Plugin Discounts Manager for Products Cross-Site Scripting (3.4.4)

WordPress Plugin Crayon Syntax Highlighter Local File Disclosure (2.6.10)

Severity

Medium

Classification

CVE-2006-2416 CWE-138

Tags

Missing Update Known Vulnerabilities