Description

SQL injection vulnerability in e107_admin/users_extended.php in e107 before 0.7.26 allows remote attackers to execute arbitrary SQL commands via the user_field parameter.

Remediation

References

CVE-2011-4946

Related Vulnerabilities

WordPress Plugin WP Insightly for Contact Form 7 and Ninja Forms Cross-Site Scripting (1.0.7)

PHP Other Vulnerability (CVE-2007-2511)

MyBB Server-Side Request Forgery (SSRF) Vulnerability (CVE-2016-9417)

Joomla CVE-2019-12764 Vulnerability (CVE-2019-12764)

WordPress Plugin Product Input Fields for WooCommerce Arbitrary File Download (1.2.6)

Severity

Medium

Classification

CVE-2011-4946 CWE-138

Tags

Missing Update Known Vulnerabilities