CVE-2016-10753

CVE-2016-10753

EPSS 1.7%

e107 2.1.2 allows PHP Object Injection with resultant SQL injection, because usersettings.php uses unserialize without an HMAC.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://blog.ripstech.com/2016/e107-sql-injection-through-object-injection/https://demo.ripstech.com/projects/e107_2.1.2