game_score.php in e107 allows remote malicious users to insert high scores via HTTP POST methods utilizing the $player_name, $player_score, and $game_name variables.
e107 e107