Description
Incomplete blacklist vulnerability in usersettings.php in e107 0.7.20 and earlier allows remote attackers to conduct SQL injection attacks via the loginname parameter.
Remediation
References
Related Vulnerabilities
WordPress Plugin Simple Job Board Cross-Site Scripting (2.4.3)
Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-7827)
Werkzeug WSGI Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2023-25577)
WebLogic Server-Side Request Forgery (SSRF) Vulnerability (CVE-2020-11987)
Liferay Portal Deserialization of Untrusted Data Vulnerability (CVE-2019-16891)