Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
e107 vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2018-16389
e107_admin/banlist.php in e107 2.1.8 allows SQL injection via the old_ip parameter.
E107 E107 2.1.8
NA
CVE-2011-4920
Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.26, and other versions prior to 1.0.0, allow remote malicious users to inject arbitrary web script or HTML via the URL to (1) e107_images/thumb.php or (2) rate.php, (3) resend_name parameter to e107_admin/users.php, ...
E107 E107 0.7.26
6.5
CVSSv3
CVE-2017-8098
e107 2.1.4 is vulnerable to cross-site request forgery in plugin-installing, meta-changing, and settings-changing. A malicious web page can use forged requests to make e107 download and install a plug-in provided by the attacker.
E107 E107 2.1.4
5.4
CVSSv3
CVE-2023-36121
Cross Site Scripting vulnerability in e107 v.2.3.2 allows a remote malicious user to execute arbitrary code via the description function in the SEO project.
E107 E107 2.3.2
NA
CVE-2006-2591
Unspecified vulnerability in e107 prior to 0.7.5 has unknown impact and remote attack vectors related to an "emailing exploit".
E107 E107 0.7.5
8.8
CVSSv3
CVE-2018-15901
e107 2.1.8 has CSRF in 'usersettings.php' with an impact of changing details such as passwords of users including administrators.
E107 E107 2.1.8
1 Github repository
NA
CVE-2005-4051
e107 0.6174 allows remote malicious users to vote multiple times for a download via repeated requests to rate.php.
E107 E107 0.6174
8.8
CVSSv3
CVE-2016-10753
e107 2.1.2 allows PHP Object Injection with resultant SQL injection, because usersettings.php uses unserialize without an HMAC.
E107 E107 2.1.2
7.2
CVSSv3
CVE-2016-10378
e107 2.1.1 allows SQL injection by remote authenticated administrators via the pagelist parameter to e107_admin/menus.php, related to the menuSaveVisibility function.
E107 E107 2.1.1
7.2
CVSSv3
CVE-2018-16388
e107_web/js/plupload/upload.php in e107 2.1.8 allows remote malicious users to execute arbitrary PHP code by uploading a .php filename with the image/jpeg content type.
E107 E107 2.1.8
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »