Описание
Incomplete blacklist vulnerability in usersettings.php in e107 0.7.20 and earlier allows remote attackers to conduct SQL injection attacks via the loginname parameter.
Incomplete blacklist vulnerability in usersettings.php in e107 0.7.20 and earlier allows remote attackers to conduct SQL injection attacks via the loginname parameter.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2010-2098
- http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.7/usersettings.php?r1=11521&r2=11538
- http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.7/usersettings.php?r1=11538&r2=11541
- http://php-security.org/2010/05/15/mops-2010-029-cmsqlite-c-parameter-sql-injection-vulnerability/index.html
EPSS
Процентиль: 66%
0.00517
Низкий
CVE ID
Связанные уязвимости
nvd
больше 15 лет назад
Incomplete blacklist vulnerability in usersettings.php in e107 0.7.20 and earlier allows remote attackers to conduct SQL injection attacks via the loginname parameter.
EPSS
Процентиль: 66%
0.00517
Низкий