WEB APPLICATION VULNERABILITIES Standard & Premium

e107 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-16389)

Description

e107_admin/banlist.php in e107 2.1.8 allows SQL injection via the old_ip parameter.

Remediation

References

Related Vulnerabilities

WeBid Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2008-7116)

PHP Observable Discrepancy Vulnerability (CVE-2024-2408)

Oracle JRE CVE-2011-3547 Vulnerability (CVE-2011-3547)

Drupal Core 7.x Denial of Service (7.0 - 7.19)

PHP Numeric Errors Vulnerability (CVE-2011-4566)

Severity

Medium

Classification

CVE-2018-16389 CWE-138 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Tags

Missing Update Known Vulnerabilities