CVE-2016-10753

CVE-2016-10753

EPSS 1.7%

e107 2.1.2 allows PHP Object Injection with resultant SQL injection, because usersettings.php uses unserialize without an HMAC.

Produtos afetados

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://blog.ripstech.com/2016/e107-sql-injection-through-object-injection/https://demo.ripstech.com/projects/e107_2.1.2