Description

Incomplete blacklist vulnerability in usersettings.php in e107 0.7.20 and earlier allows remote attackers to conduct SQL injection attacks via the loginname parameter.

Remediation

References

CVE-2010-2098

Related Vulnerabilities

MySQL CVE-2018-2665 Vulnerability (CVE-2018-2665)

Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-20328)

WordPress Plugin WPBakery Page Builder Clipboard Cross-Site Scripting (4.5.5)

WordPress Plugin Revamp CRM for WooCommerce Local File Inclusion (1.0.3)

TCExam Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-5747)

Severity

High

Classification

CVE-2010-2098

Tags

Missing Update Known Vulnerabilities