Description
Multiple SQL injection vulnerabilities in the admin section in e107 0.7.5 allow remote authenticated administrative users to execute arbitrary SQL commands via the (1) linkopentype, (2) linkrender, (3) link_class, and (4) link_id parameters in (a) links.php; the (5) searchquery parameter in (b) users.php; and the (6) download_category_class parameter in (c) download.php. NOTE: an e107 developer has disputed the significance of the vulnerability, stating that "If your admins are injecting you, you might want to reconsider their access."
Remediation
References
Related Vulnerabilities
MySQL CVE-2018-3062 Vulnerability (CVE-2018-3062)
Nginx buffer underflow vulnerability
WordPress Plugin Fusion:Extension-Gallery Multiple Unspecified Vulnerabilities (1.0.4)
WordPress Plugin Poll, Survey, Questionnaire and Voting system SQL Injection (1.5.2)
MySQL Use of Externally-Controlled Format String Vulnerability (CVE-2006-3469)