2018-09-12 18:29:02 2018-11-02 19:35:38

e107_admin/banlist.php in e107 2.1.8 allows SQL injection via the old_ip parameter.