e107 Deserialization of Untrusted Data Vulnerability - CVE-2016-10753 - Vulnerability Database

e107 Deserialization of Untrusted Data Vulnerability - CVE-2016-10753

High

Reference: CVE-2016-10753

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2016-10753

Title: e107 Deserialization of Untrusted Data Vulnerability

Overview:

e107 2.1.2 allows PHP Object Injection with resultant SQL injection because usersettings.php uses unserialize without an HMAC.