Description

SQL injection vulnerability in resetcore.php in e107 0.617 through 0.6173 allows remote attackers to execute arbitrary SQL commands, bypass authentication, and inject HTML or script via the (1) a_name parameter or (2) user field of the login page.

Remediation

References

CVE-2005-3521

Related Vulnerabilities

MediaWiki Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-2032)

MySQL CVE-2018-2665 Vulnerability (CVE-2018-2665)

Joomla! Core 1.7.0 Information Disclosure (1.7.0)

TYPO3 Resource Management Errors Vulnerability (CVE-2013-1843)

MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-6472)

Severity

High

Classification

CVE-2005-3521

Tags

Missing Update Known Vulnerabilities