E107 · E107 · CVE-2018-16389
**Name of the Vulnerable Software and Affected Versions**
e107 version 2.1.8
**Description**
The issue allows SQL injection via the `old ip` parameter in the e107 admin/banlist.php file.
**Recommendations**
For version 2.1.8, avoid using the `old ip` parameter in the affected API endpoint until the issue is resolved.