Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
e107 e107 vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2003-1191
chatbox.php in e107 0.554 and 0.603 allows remote malicious users to cause a denial of service (pages fail to load) via HTML in the Name field, which prevents the main.php form from being loaded.
E107 E107 0.545
E107 E107 0.603
1 EDB exploit
5
CVSSv2
CVE-2004-2039
e107 0.615 allows remote malicious users to obtain sensitive information via a direct request to (1) alt_news.php, (2) backend_menu.php, (3) clock_menu.php, (4) counter_menu.php, (5) login_menu.php, and other files, which reveal the full path in a PHP error message.
E107 E107 0.6 15
E107 E107 0.6 15a
7.5
CVSSv2
CVE-2004-2042
Multiple SQL injection vulnerabilities in e107 0.615 allow remote malicious users to inject arbitrary SQL code and gain sensitive information via (1) content parameter to content.php, (2) content_id parameter to content.php, or (3) list parameter to news.php.
E107 E107 0.615a
E107 E107 0.615
4.3
CVSSv2
CVE-2006-0857
Cross-site scripting (XSS) vulnerability in Chatbox Plugin 1.0 in e107 0.7.2 allows remote malicious users to inject arbitrary HTML or web script via a Chatbox, as demonstrated using a SCRIPT element.
E107 Chatbox Plugin 1.0
E107 E107 0.7.2
1 EDB exploit
6.8
CVSSv2
CVE-2021-27885
usersettings.php in e107 up to and including 2.3.0 lacks a certain e_TOKEN protection mechanism.
E107 E107
5
CVSSv2
CVE-2005-3594
game_score.php in e107 allows remote malicious users to insert high scores via HTTP POST methods utilizing the $player_name, $player_score, and $game_name variables.
E107 E107
7.5
CVSSv2
CVE-2005-1949
The eping_validaddr function in functions.php for the ePing plugin for e107 portal allows remote malicious users to execute arbitrary commands via shell metacharacters after a valid argument to the eping_host parameter.
E107 E107
7.5
CVSSv2
CVE-2004-2262
ImageManager in e107 prior to 0.617 does not properly check the types of uploaded files, which allows remote malicious users to execute arbitrary code by uploading a PHP file via the upload parameter to images.php.
E107 E107
1 EDB exploit
7.5
CVSSv2
CVE-2005-2559
doping.php in ePing plugin 1.02 and previous versions for e107 portal allows remote malicious users to execute arbitrary code or overwrite files via (1) shell metacharacters in the eping_count parameter or (2) restricted shell metacharacters such as ">" and "&am...
E107 E107
5.1
CVSSv2
CVE-2011-4921
SQL injection vulnerability in usersettings.php in e107 0.7.26, and possibly other versions prior to 1.0.0, allows remote malicious users to execute arbitrary SQL commands via the username parameter.
E107 E107 0.7.26
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
man-in-the-middle
CVE-2024-34558
CVE-2024-32674
CVE-2024-34351
XPath injection
CVE-2023-45866
CVE-2024-25528
CVE-2024-25517
path traversal
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »