WEB APPLICATION VULNERABILITIES Standard & Premium

e107 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-16389)

Description

e107_admin/banlist.php in e107 2.1.8 allows SQL injection via the old_ip parameter.

Remediation

References

Related Vulnerabilities

Django Incorrect Default Permissions Vulnerability (CVE-2019-19118)

WordPress Plugin SlideDeck 2 Lite Responsive Content Slider Local/Remote File Inclusion (2.3.3)

Joomla CVE-2018-15881 Vulnerability (CVE-2018-15881)

Chamilo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2013-6787)

Dot CMS Uncontrolled Recursion Vulnerability (CVE-2022-37034)

Severity

Medium

Classification

CVE-2018-16389 CWE-138 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Tags

Missing Update Known Vulnerabilities