Description

SQL injection vulnerability in e107_admin/users_extended.php in e107 before 0.7.26 allows remote attackers to execute arbitrary SQL commands via the user_field parameter.

Remediation

References

CVE-2011-4946

Related Vulnerabilities

Twisted Web HTTP Server Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2022-21712)

WordPress Plugin NextGEN Gallery-WordPress Gallery Multiple HTML Injection Vulnerabilities (1.9.0)

MyBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-19201)

Atlassian Jira Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-18039)

Oracle JRE CVE-2017-10309 Vulnerability (CVE-2017-10309)

Severity

Medium

Classification

CVE-2011-4946 CWE-138

Tags

Missing Update Known Vulnerabilities