Description
game_score.php in e107 allows remote attackers to insert high scores via HTTP POST methods utilizing the $player_name, $player_score, and $game_name variables.
Remediation
References
Related Vulnerabilities
Drupal Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3730)
WordPress Plugin Cms Pack TimThumb Arbitrary File Upload (1.3)
Drupal Core 7.x Multiple Vulnerabilities (7.0 - 7.17)
WordPress Plugin Magic Post Voice Cross-Site Scripting (1.2)
WordPress Plugin Compact WP Audio Player Multiple Vulnerabilities (1.9.6)