Description
Incomplete blacklist vulnerability in usersettings.php in e107 0.7.20 and earlier allows remote attackers to conduct SQL injection attacks via the loginname parameter.
Remediation
References
Related Vulnerabilities
WordPress Plugin Uploader 'uploadify.php' Arbitrary File Upload (1.0.4)
WordPress Plugin Code Snippets Cross-Site Scripting (2.6.1)
MySQL CVE-2018-3137 Vulnerability (CVE-2018-3137)
Django Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-0305)
WordPress Plugin Advanced Access Manager Unspecified Vulnerability (5.9.8.1)