Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
e107 vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2011-3731
e107 0.7.24 allows remote malicious users to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by e107_plugins/pdf/e107pdf.php and certain other files.
E107 E107 0.7.24
445
VMScore
CVE-2006-2591
Unspecified vulnerability in e107 prior to 0.7.5 has unknown impact and remote attack vectors related to an "emailing exploit".
E107 E107 0.7.5
755
VMScore
CVE-2006-5786
Directory traversal vulnerability in class2.php in e107 0.7.5 and previous versions allows remote malicious users to read and execute PHP code in arbitrary files via ".." sequences in the e107language_e107cookie cookie to gsitemap.php.
E107 E107 0.7.5
1 EDB exploit
578
VMScore
CVE-2016-10753
e107 2.1.2 allows PHP Object Injection with resultant SQL injection, because usersettings.php uses unserialize without an HMAC.
E107 E107 2.1.2
668
VMScore
CVE-2005-1966
The eTrace_validaddr function in eTrace plugin for e107 portal allows remote malicious users to execute arbitrary commands via shell metacharacters after a valid argument to the etrace_host parameter.
E107 E107 1.0.1
475
VMScore
CVE-2006-4794
Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allow remote malicious users to inject arbitrary web script or HTML via the query string (PATH_INFO) in (1) contact.php, (2) download.php, (3) admin.php, (4) fpw.php, (5) news.php, (6) search.php, (7) signup.php, (...
E107 E107 0.7.5
9 EDB exploits
383
VMScore
CVE-2017-8098
e107 2.1.4 is vulnerable to cross-site request forgery in plugin-installing, meta-changing, and settings-changing. A malicious web page can use forged requests to make e107 download and install a plug-in provided by the attacker.
E107 E107 2.1.4
668
VMScore
CVE-2005-4224
Multiple "potential" SQL injection vulnerabilities in e107 0.7 might allow remote malicious users to execute arbitrary SQL commands via (1) the email, hideemail, image, realname, signature, timezone, and xupexist parameters in signup.php, (2) the content_comment, conten...
E107 E107 0.7
578
VMScore
CVE-2016-10378
e107 2.1.1 allows SQL injection by remote authenticated administrators via the pagelist parameter to e107_admin/menus.php, related to the menuSaveVisibility function.
E107 E107 2.1.1
383
VMScore
CVE-2018-11127
e107 2.1.7 has CSRF resulting in arbitrary user deletion.
E107 E107 2.1.7
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
race condition
CVE-2024-4249
CVE-2024-4244
CVE-2023-20198
TCP
CVE-2022-48648
CVE-2022-48636
CVE-2024-21345
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »