Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
e107 e107 vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2021-27885
usersettings.php in e107 up to and including 2.3.0 lacks a certain e_TOKEN protection mechanism.
E107 E107
8.8
CVSSv3
CVE-2016-10753
e107 2.1.2 allows PHP Object Injection with resultant SQL injection, because usersettings.php uses unserialize without an HMAC.
E107 E107 2.1.2
8.8
CVSSv3
CVE-2018-15901
e107 2.1.8 has CSRF in 'usersettings.php' with an impact of changing details such as passwords of users including administrators.
E107 E107 2.1.8
1 Github repository
7.5
CVSSv3
CVE-2008-2020
The CAPTCHA implementation as used in (1) Francisco Burzi PHP-Nuke 7.0 and 8.1, (2) my123tkShop e-Commerce-Suite (aka 123tkShop) 0.9.1, (3) phpMyBitTorrent 1.2.2, (4) TorrentFlux 2.3, (5) e107 0.7.11, (6) WebZE 0.5.9, (7) Open Media Collectors Database (aka OpenDb) 1.5.0b4, and (...
My123tkshop E-commerce-suite 0.9.1
Phpmybittorrent Phpmybittorrent 1.2.2
Webze Webze 0.5.9
E107 E107 0.7.11
Labgab Labgab 1.1
Phpnuke Php-nuke 7.0
Torrentflux Project Torrentflux 2.3
Phpnuke Php-nuke 8.1
Opendb Opendb 1.5.0
7.2
CVSSv3
CVE-2018-16388
e107_web/js/plupload/upload.php in e107 2.1.8 allows remote malicious users to execute arbitrary PHP code by uploading a .php filename with the image/jpeg content type.
E107 E107 2.1.8
7.2
CVSSv3
CVE-2016-10378
e107 2.1.1 allows SQL injection by remote authenticated administrators via the pagelist parameter to e107_admin/menus.php, related to the menuSaveVisibility function.
E107 E107 2.1.1
6.5
CVSSv3
CVE-2018-16389
e107_admin/banlist.php in e107 2.1.8 allows SQL injection via the old_ip parameter.
E107 E107 2.1.8
6.5
CVSSv3
CVE-2018-11127
e107 2.1.7 has CSRF resulting in arbitrary user deletion.
E107 E107 2.1.7
6.5
CVSSv3
CVE-2017-8098
e107 2.1.4 is vulnerable to cross-site request forgery in plugin-installing, meta-changing, and settings-changing. A malicious web page can use forged requests to make e107 download and install a plug-in provided by the attacker.
E107 E107 2.1.4
6.1
CVSSv3
CVE-2018-11734
In e107 v2.1.7, output without filtering results in XSS.
E107 E107 2.1.7
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSRF
server-side request forgery
CVE-2024-30067
CVE-2024-5553
CVE-2024-30095
IDOR
CVE-2024-35252
CVE-2024-23692
CVE-2024-27801
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »