CVE-2016-10753
CVE-2016-10753 affects e107 2.1.2. It enables a PHP Object Injection vulnerability via usersettings.php that calls unserialize without an HMAC, which leads to a subsequent SQL injection. The root cause is improper handling of unserialize data, enabling an attacker-controlled object to affect data...