CVE-2010-2098

2010-05-27T22:30:00
ID CVE-2010-2098
Type cve
Reporter cve@mitre.org
Modified 2012-12-13T04:00:00

Description

Incomplete blacklist vulnerability in usersettings.php in e107 0.7.20 and earlier allows remote attackers to conduct SQL injection attacks via the loginname parameter. Per: http://cwe.mitre.org/data/definitions/184.html

'CWE-184: Incomplete Blacklist'