WEB APPLICATION VULNERABILITIES Standard & Premium

e107 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-16389)

Description

e107_admin/banlist.php in e107 2.1.8 allows SQL injection via the old_ip parameter.

Remediation

References

Related Vulnerabilities

WordPress Plugin WordPress Photo Gallery by Gallery Bank Unspecified Vulnerability (4.0.48)

WordPress Plugin GD Star Rating 'tpl_section' Parameter Cross-Site Scripting (1.9.16)

WordPress Plugin Advanced Order Export For WooCommerce Cross-Site Scripting (3.1.3)

Joomla! Core 3.x.x Multiple Cross-Site Scripting Vulnerabilities (3.0.0 - 3.8.7)

Oracle JRE CVE-2020-2754 Vulnerability (CVE-2020-2754)

Severity

Medium

Classification

CVE-2018-16389 CWE-138 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Tags

Missing Update Known Vulnerabilities