1. Home
  2. CVE Database
  3. CVE-2010-2098
HIGH · 7.5

CVE-2010-2098

Incomplete blacklist vulnerability in usersettings.php in e107 0.7.20 and earlier allows remote attackers to conduct SQL injection attacks via the loginname parameter.

Vulnerability Description

Incomplete blacklist vulnerability in usersettings.php in e107 0.7.20 and earlier allows remote attackers to conduct SQL injection attacks via the loginname parameter.

CVSS Score

7.5

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P
Confidentiality
PARTIAL
Integrity
PARTIAL
Availability
PARTIAL

Affected Products

VendorProductVersions
E107E107<= 0.7.20

References

FAQ

What is CVE-2010-2098?

CVE-2010-2098 is a vulnerability with a CVSS score of 7.5 (HIGH). Incomplete blacklist vulnerability in usersettings.php in e107 0.7.20 and earlier allows remote attackers to conduct SQL injection attacks via the loginname parameter.

How severe is CVE-2010-2098?

CVE-2010-2098 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2010-2098?

Check the references section above for vendor advisories and patch information. Affected products include: E107 E107.