4 matches found
e107 0.7.20 RCE
Remote command execution in e107 bbcode contact.php Vulnerability Type: Remote Command Execution For the exploit source code contact DSquare Security sales team...
Sql injection
Incomplete blacklist vulnerability in usersettings.php in e107 0.7.20 and earlier allows remote attackers to conduct SQL injection attacks via the loginname parameter...
Design/Logic Flaw
bbcode/php.bb in e107 0.7.20 and earlier does not perform access control checks for all inputs that could contain the php bbcode tag, which allows remote attackers to execute arbitrary PHP code, as demonstrated using the toEmail method in contact.php, related to invocations of the toHTML method...
CVE-2010-2098
Incomplete blacklist vulnerability in usersettings.php in e107 0.7.20 and earlier allows remote attackers to conduct SQL injection attacks via the loginname parameter...