Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
e107 vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2004-2039
e107 0.615 allows remote malicious users to obtain sensitive information via a direct request to (1) alt_news.php, (2) backend_menu.php, (3) clock_menu.php, (4) counter_menu.php, (5) login_menu.php, and other files, which reveal the full path in a PHP error message.
E107 E107 0.6 15
E107 E107 0.6 15a
7.5
CVSSv2
CVE-2004-2042
Multiple SQL injection vulnerabilities in e107 0.615 allow remote malicious users to inject arbitrary SQL code and gain sensitive information via (1) content parameter to content.php, (2) content_id parameter to content.php, or (3) list parameter to news.php.
E107 E107 0.615a
E107 E107 0.615
4.3
CVSSv2
CVE-2004-2040
Multiple cross-site scripting (XSS) vulnerabilities in e107 0.615 allow remote malicious users to inject arbitrary web script or HTML via the (1) LAN_407 parameter to clock_menu.php, (2) "email article to a friend" field, (3) "submit news" field, or (4) avmsg ...
E107 E107 0.6 15a
E107 E107 0.6 15
2 EDB exploits
4.3
CVSSv2
CVE-2006-0857
Cross-site scripting (XSS) vulnerability in Chatbox Plugin 1.0 in e107 0.7.2 allows remote malicious users to inject arbitrary HTML or web script via a Chatbox, as demonstrated using a SCRIPT element.
E107 Chatbox Plugin 1.0
E107 E107 0.7.2
1 EDB exploit
7.5
CVSSv2
CVE-2005-1949
The eping_validaddr function in functions.php for the ePing plugin for e107 portal allows remote malicious users to execute arbitrary commands via shell metacharacters after a valid argument to the eping_host parameter.
E107 E107
6.8
CVSSv2
CVE-2021-27885
usersettings.php in e107 up to and including 2.3.0 lacks a certain e_TOKEN protection mechanism.
E107 E107
5
CVSSv2
CVE-2005-3594
game_score.php in e107 allows remote malicious users to insert high scores via HTTP POST methods utilizing the $player_name, $player_score, and $game_name variables.
E107 E107
7.5
CVSSv2
CVE-2005-2559
doping.php in ePing plugin 1.02 and previous versions for e107 portal allows remote malicious users to execute arbitrary code or overwrite files via (1) shell metacharacters in the eping_count parameter or (2) restricted shell metacharacters such as ">" and "&am...
E107 E107
7.5
CVSSv2
CVE-2004-2262
ImageManager in e107 prior to 0.617 does not properly check the types of uploaded files, which allows remote malicious users to execute arbitrary code by uploading a PHP file via the upload parameter to images.php.
E107 E107
1 EDB exploit
4.3
CVSSv2
CVE-2018-11734
In e107 v2.1.7, output without filtering results in XSS.
E107 E107 2.1.7
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »