Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
e107 e107 vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2012-6433
Cross-site request forgery (CSRF) vulnerability in e107_admin/newspost.php in e107 1.0.1 allows remote malicious users to hijack the authentication of administrators for requests that conduct XSS attacks via the news_title parameter in a create action.
E107 E107 1.0.1
1 EDB exploit
6.8
CVSSv2
CVE-2012-6434
Multiple cross-site request forgery (CSRF) vulnerabilities in e107_admin/download.php in e107 1.0.2 allow remote malicious users to hijack the authentication of administrators for requests that conduct SQL injection attacks via the (1) download_url, (2) download_url_extended, (3)...
E107 E107 1.0.2
1 EDB exploit
4.3
CVSSv2
CVE-2018-16381
e107 2.1.8 has XSS via the e107_admin/users.php?mode=main&action=list user_loginname parameter.
E107 E107 2.1.8
5
CVSSv2
CVE-2011-3731
e107 0.7.24 allows remote malicious users to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by e107_plugins/pdf/e107pdf.php and certain other files.
E107 E107 0.7.24
6.5
CVSSv2
CVE-2016-10753
e107 2.1.2 allows PHP Object Injection with resultant SQL injection, because usersettings.php uses unserialize without an HMAC.
E107 E107 2.1.2
7.5
CVSSv2
CVE-2005-1966
The eTrace_validaddr function in eTrace plugin for e107 portal allows remote malicious users to execute arbitrary commands via shell metacharacters after a valid argument to the etrace_host parameter.
E107 E107 1.0.1
3.5
CVSSv2
CVE-2018-17423
An issue exists in e107 v2.1.9. There is a XSS attack on e107_admin/comment.php.
E107 E107 2.1.9
4.3
CVSSv2
CVE-2006-4794
Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allow remote malicious users to inject arbitrary web script or HTML via the query string (PATH_INFO) in (1) contact.php, (2) download.php, (3) admin.php, (4) fpw.php, (5) news.php, (6) search.php, (7) signup.php, (...
E107 E107 0.7.5
9 EDB exploits
5
CVSSv2
CVE-2006-2591
Unspecified vulnerability in e107 prior to 0.7.5 has unknown impact and remote attack vectors related to an "emailing exploit".
E107 E107 0.7.5
6.4
CVSSv2
CVE-2006-2590
SQL injection vulnerability in e107 prior to 0.7.5 allows remote malicious users to execute arbitrary SQL commands via unknown attack vectors.
E107 E107 0.7.5
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
man-in-the-middle
CVE-2024-34558
CVE-2024-32674
CVE-2024-34351
XPath injection
CVE-2023-45866
CVE-2024-25528
CVE-2024-25517
path traversal
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »