2019-05-24 17:40:34
mitre
PUBLISHED
e107 2.1.2 allows PHP Object Injection with resultant SQL injection, because usersettings.php uses unserialize without an HMAC.