SQL Injection Vulnerability in e107 Content Management System
CVE-2018-16389

6.5MEDIUM

Key Information:

Vendor: E107
Status: E107
Vendor: CVE Published:; 12 September 2018

What is CVE-2018-16389?

The e107 Content Management System version 2.1.8 contains a vulnerability in the 'banlist.php' file, which allows an attacker to execute SQL injection attacks through the manipulation of the 'old_ip' parameter. This exploitation can enable unauthorized access to sensitive database information, potentially compromising the integrity and security of the entire web application. It is crucial for users of e107 to apply security measures or updates to mitigate this risk.

References

https://github.com/e107inc/e107/commit/ec483e9379aa622bfc...

x_refsource_CONFIRM

https://gist.github.com/ommadawn46/51e08e13e6980dcbcffb43...

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 12, 2018
Vulnerability Reserved
Sep 2, 2018

CVE-2018-16389 Data

JSON

E107

What is CVE-2018-16389?

References

CVSS V3.1

Timeline