Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
e107 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2008-6466
SQL injection vulnerability in image_gallery.php in the Akira Powered Image Gallery (image_gallery) plugin 0.9.6.2 for e107 allows remote malicious users to execute arbitrary SQL commands via the image parameter in an image-detail action.
Akirapowered Image Gallery 0.9.6.2
1 EDB exploit
NA
CVE-2008-6114
SQL injection vulnerability in product_details.php in the Mytipper Zogo-shop 1.15.4 plugin for e107 allows remote malicious users to execute arbitrary SQL commands via the product parameter.
Mytipper Zogo Shop 1.15.4
1 EDB exploit
NA
CVE-2008-6069
SQL injection vulnerability in e107chat.php in the eChat plugin 4.2 for e107, when magic_quotes_gpc is disabled, allows remote malicious users to execute arbitrary SQL commands via the nick parameter.
123flashchat Echat Plugin 4.2
NA
CVE-2008-2447
SQL injection vulnerability in products.php in the Mytipper ZoGo-shop plugin 1.15.5 and 1.16 Beta 13 for e107 allows remote malicious users to execute arbitrary SQL commands via the cat parameter.
Mytipper Zogo Shop 1.15.5
Mytipper Zogo Shop 1.16
1 EDB exploit
NA
CVE-2004-2261
Cross-site scripting (XSS) vulnerability in e107 allows remote malicious users to inject arbitrary script or HTML via the "login name/author" field in the (1) news submit or (2) article submit functions.
NA
CVE-2004-2041
PHP remote file inclusion vulnerability in secure_img_render.php in e107 0.615 allows remote malicious users to execute arbitrary PHP code by modifying the p parameter to reference a URL on a remote web server that contains the code.
NA
CVE-2005-4052
e107 0.6174 allows remote malicious users to redirect users to other web sites via the download parameter in rate.php, which is used after a user submits a file download rating. NOTE: in the default installation, the e_BASE variable restricts the redirection to the same web site.
NA
CVE-2011-15133
Core Security Technologies Advisory - When the install script for e107 CMS has not been removed, an attacker can "reinstall" the application using arbitrary parameters. If the attacker puts a valid MySql server followed a semicolon and PHP code, this will be executed wh...
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9