Arbitrary SQL Command Execution in usersettings.php in e107 0.7.26 and Earlier Versions

Arbitrary SQL Command Execution in usersettings.php in e107 0.7.26 and Earlier Versions

CVE-2011-4921 · MEDIUM Severity

AV:N/AC:H/AU:N/C:P/I:P/A:P

SQL injection vulnerability in usersettings.php in e107 0.7.26, and possibly other versions before 1.0.0, allows remote attackers to execute arbitrary SQL commands via the username parameter.

Learn more about our User Device Pen Test.