Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
e107 vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2005-1966
The eTrace_validaddr function in eTrace plugin for e107 portal allows remote malicious users to execute arbitrary commands via shell metacharacters after a valid argument to the etrace_host parameter.
E107 E107 1.0.1
383
VMScore
CVE-2018-11127
e107 2.1.7 has CSRF resulting in arbitrary user deletion.
E107 E107 2.1.7
755
VMScore
CVE-2006-5786
Directory traversal vulnerability in class2.php in e107 0.7.5 and previous versions allows remote malicious users to read and execute PHP code in arbitrary files via ".." sequences in the e107language_e107cookie cookie to gsitemap.php.
E107 E107 0.7.5
1 EDB exploit
383
VMScore
CVE-2015-1041
Cross-site scripting (XSS) vulnerability in e107_admin/filemanager.php in e107 1.0.4 allows remote malicious users to inject arbitrary web script or HTML via the e107_files/ file path in the QUERY_STRING.
E107 E107 1.0.4
435
VMScore
CVE-2015-1057
Cross-site scripting (XSS) vulnerability in usersettings.php in e107 2.0.0 allows remote malicious users to inject arbitrary web script or HTML via the "Real Name" value.
E107 E107 2.0.0
1 EDB exploit
475
VMScore
CVE-2006-4794
Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allow remote malicious users to inject arbitrary web script or HTML via the query string (PATH_INFO) in (1) contact.php, (2) download.php, (3) admin.php, (4) fpw.php, (5) news.php, (6) search.php, (7) signup.php, (...
E107 E107 0.7.5
9 EDB exploits
454
VMScore
CVE-2011-4921
SQL injection vulnerability in usersettings.php in e107 0.7.26, and possibly other versions prior to 1.0.0, allows remote malicious users to execute arbitrary SQL commands via the username parameter.
E107 E107 0.7.26
605
VMScore
CVE-2018-15901
e107 2.1.8 has CSRF in 'usersettings.php' with an impact of changing details such as passwords of users including administrators.
E107 E107 2.1.8
1 Github repository
383
VMScore
CVE-2008-6208
Cross-site scripting (XSS) vulnerability in submitnews.php in e107 CMS 0.7.11 allows remote malicious users to inject arbitrary web script or HTML via the (1) author_name, (2) itemtitle, and (3) item parameters. NOTE: the provenance of this information is unknown; the details are...
E107 E107 0.7.11
383
VMScore
CVE-2017-8098
e107 2.1.4 is vulnerable to cross-site request forgery in plugin-installing, meta-changing, and settings-changing. A malicious web page can use forged requests to make e107 download and install a plug-in provided by the attacker.
E107 E107 2.1.4
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »