Description

SQL injection vulnerability in usersettings.php in e107 0.7.13 and earlier allows remote authenticated users to execute arbitrary SQL commands via the ue[] parameter.

Remediation

References

CVE-2008-5320

Related Vulnerabilities

WordPress Plugin The Plus Addons for Elementor Security Bypass (4.1.10)

WordPress Deserialization of Untrusted Data Vulnerability (CVE-2022-21663)

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2015-8874)

WordPress Plugin Buddypress Xprofile Custom Fields Type Arbitrary File Deletion (2.6.3)

Roundcube Cross-site Scripting (XSS) Vulnerability (CVE-2016-4068)

Severity

Medium

Classification

CVE-2008-5320 CWE-138

Tags

Missing Update Known Vulnerabilities