In the middle of time I was doing some blackbox testing for e107 cms (latest version for date: e107_2.1.1_full.zip). When I was testing admin's panel, I found that it's vulnerable to SQL injection. Full request is below:
I verified it (by sqlmap) like this:
Seems that the vulnerable parameter is pagelist:
Request is accesible from this menu:
I think that the bug exists here:
Vendor was notified but to this day (16.09) - I did not received any response.