Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
e107 e107 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2006-2590
SQL injection vulnerability in e107 prior to 0.7.5 allows remote malicious users to execute arbitrary SQL commands via unknown attack vectors.
E107 E107 0.7.5
NA
CVE-2006-2591
Unspecified vulnerability in e107 prior to 0.7.5 has unknown impact and remote attack vectors related to an "emailing exploit".
E107 E107 0.7.5
NA
CVE-2005-4224
Multiple "potential" SQL injection vulnerabilities in e107 0.7 might allow remote malicious users to execute arbitrary SQL commands via (1) the email, hideemail, image, realname, signature, timezone, and xupexist parameters in signup.php, (2) the content_comment, conten...
E107 E107 0.7
NA
CVE-2015-1057
Cross-site scripting (XSS) vulnerability in usersettings.php in e107 2.0.0 allows remote malicious users to inject arbitrary web script or HTML via the "Real Name" value.
E107 E107 2.0.0
1 EDB exploit
4.8
CVSSv3
CVE-2018-17423
An issue exists in e107 v2.1.9. There is a XSS attack on e107_admin/comment.php.
E107 E107 2.1.9
NA
CVE-2012-6434
Multiple cross-site request forgery (CSRF) vulnerabilities in e107_admin/download.php in e107 1.0.2 allow remote malicious users to hijack the authentication of administrators for requests that conduct SQL injection attacks via the (1) download_url, (2) download_url_extended, (3)...
E107 E107 1.0.2
1 EDB exploit
8.8
CVSSv3
CVE-2016-10753
e107 2.1.2 allows PHP Object Injection with resultant SQL injection, because usersettings.php uses unserialize without an HMAC.
E107 E107 2.1.2
NA
CVE-2008-6208
Cross-site scripting (XSS) vulnerability in submitnews.php in e107 CMS 0.7.11 allows remote malicious users to inject arbitrary web script or HTML via the (1) author_name, (2) itemtitle, and (3) item parameters. NOTE: the provenance of this information is unknown; the details are...
E107 E107 0.7.11
8.8
CVSSv3
CVE-2018-15901
e107 2.1.8 has CSRF in 'usersettings.php' with an impact of changing details such as passwords of users including administrators.
E107 E107 2.1.8
1 Github repository
6.1
CVSSv3
CVE-2018-16381
e107 2.1.8 has XSS via the e107_admin/users.php?mode=main&action=list user_loginname parameter.
E107 E107 2.1.8
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »