Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
e107 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2008-6114
SQL injection vulnerability in product_details.php in the Mytipper Zogo-shop 1.15.4 plugin for e107 allows remote malicious users to execute arbitrary SQL commands via the product parameter.
Mytipper Zogo Shop 1.15.4
1 EDB exploit
NA
CVE-2008-6069
SQL injection vulnerability in e107chat.php in the eChat plugin 4.2 for e107, when magic_quotes_gpc is disabled, allows remote malicious users to execute arbitrary SQL commands via the nick parameter.
123flashchat Echat Plugin 4.2
NA
CVE-2008-2447
SQL injection vulnerability in products.php in the Mytipper ZoGo-shop plugin 1.15.5 and 1.16 Beta 13 for e107 allows remote malicious users to execute arbitrary SQL commands via the cat parameter.
Mytipper Zogo Shop 1.15.5
Mytipper Zogo Shop 1.16
1 EDB exploit
NA
CVE-2004-2261
Cross-site scripting (XSS) vulnerability in e107 allows remote malicious users to inject arbitrary script or HTML via the "login name/author" field in the (1) news submit or (2) article submit functions.
NA
CVE-2004-2041
PHP remote file inclusion vulnerability in secure_img_render.php in e107 0.615 allows remote malicious users to execute arbitrary PHP code by modifying the p parameter to reference a URL on a remote web server that contains the code.
NA
CVE-2005-4052
e107 0.6174 allows remote malicious users to redirect users to other web sites via the download parameter in rate.php, which is used after a user submits a file download rating. NOTE: in the default installation, the e_BASE variable restricts the redirection to the same web site.
NA
CVE-2011-15133
Core Security Technologies Advisory - When the install script for e107 CMS has not been removed, an attacker can "reinstall" the application using arbitrary parameters. If the attacker puts a valid MySql server followed a semicolon and PHP code, this will be executed wh...
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9