ReportizFlow
Filtered by vendor E107
Subscriptions
Total
84 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-2416 | 1 E107 | 1 E107 | 2025-04-03 | N/A |
| SQL injection vulnerability in class2.php in e107 0.7.2 and earlier allows remote attackers to execute arbitrary SQL commands via a cookie as defined in $pref['cookie_name']. | ||||
| CVE-2006-4757 | 1 E107 | 1 E107 | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in the admin section in e107 0.7.5 allow remote authenticated administrative users to execute arbitrary SQL commands via the (1) linkopentype, (2) linkrender, (3) link_class, and (4) link_id parameters in (a) links.php; the (5) searchquery parameter in (b) users.php; and the (6) download_category_class parameter in (c) download.php. NOTE: an e107 developer has disputed the significance of the vulnerability, stating that "If your admins are injecting you, you might want to reconsider their access." | ||||
| CVE-2005-3594 | 1 E107 | 1 E107 | 2025-04-03 | N/A |
| game_score.php in e107 allows remote attackers to insert high scores via HTTP POST methods utilizing the $player_name, $player_score, and $game_name variables. | ||||
| CVE-2004-2031 | 1 E107 | 1 E107 | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in user.php in e107 allows remote attackers to inject arbitrary web script or HTML via the (1) URL, (2) MSN, or (3) AIM fields. | ||||
| CVE-2004-2039 | 1 E107 | 1 E107 | 2025-04-03 | N/A |
| e107 0.615 allows remote attackers to obtain sensitive information via a direct request to (1) alt_news.php, (2) backend_menu.php, (3) clock_menu.php, (4) counter_menu.php, (5) login_menu.php, and other files, which reveal the full path in a PHP error message. | ||||
| CVE-2004-2040 | 1 E107 | 1 E107 | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in e107 0.615 allow remote attackers to inject arbitrary web script or HTML via the (1) LAN_407 parameter to clock_menu.php, (2) "email article to a friend" field, (3) "submit news" field, or (4) avmsg parameter to usersettings.php. | ||||
| CVE-2004-2041 | 1 E107 | 1 E107 | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in secure_img_render.php in e107 0.615 allows remote attackers to execute arbitrary PHP code by modifying the p parameter to reference a URL on a remote web server that contains the code. | ||||
| CVE-2004-2028 | 1 E107 | 1 E107 | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in stats.php in e107 allows remote attackers to inject arbitrary web script or HTML via the referer parameter to log.php. | ||||
| CVE-2006-4794 | 1 E107 | 1 E107 | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the query string (PATH_INFO) in (1) contact.php, (2) download.php, (3) admin.php, (4) fpw.php, (5) news.php, (6) search.php, (7) signup.php, (8) submitnews.php, and (9) user.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2005-1966 | 1 E107 | 1 E107 | 2025-04-03 | N/A |
| The eTrace_validaddr function in eTrace plugin for e107 portal allows remote attackers to execute arbitrary commands via shell metacharacters after a valid argument to the etrace_host parameter. | ||||
| CVE-2006-2590 | 1 E107 | 1 E107 | 2025-04-03 | N/A |
| SQL injection vulnerability in e107 before 0.7.5 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. | ||||
| CVE-2023-43874 | 1 E107 | 1 E107 Cms | 2024-11-21 | 5.4 Medium |
| Multiple Cross Site Scripting (XSS) vulnerability in e017 CMS v.2.3.2 allows a local attacker to execute arbitrary code via a crafted script to the Copyright and Author fields in the Meta & Custom Tags Menu. | ||||
| CVE-2023-43873 | 1 E107 | 1 E107 Cms | 2024-11-21 | 5.4 Medium |
| A Cross Site Scripting (XSS) vulnerability in e017 CMS v.2.3.2 allows a local attacker to execute arbitrary code via a crafted script to the Name filed in the Manage Menu. | ||||
| CVE-2023-36121 | 1 E107 | 1 E107 | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting vulnerability in e107 v.2.3.2 allows a remote attacker to execute arbitrary code via the description function in the SEO project. | ||||
| CVE-2021-27885 | 1 E107 | 1 E107 | 2024-11-21 | 8.8 High |
| usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protection mechanism. | ||||
| CVE-2018-17423 | 1 E107 | 1 E107 | 2024-11-21 | N/A |
| An issue was discovered in e107 v2.1.9. There is a XSS attack on e107_admin/comment.php. | ||||
| CVE-2018-17081 | 1 E107 | 1 E107 | 2024-11-21 | N/A |
| e107 2.1.9 allows CSRF via e107_admin/wmessage.php?mode=&action=inline&ajax_used=1&id= for changing the title of an arbitrary page. | ||||
| CVE-2018-16389 | 1 E107 | 1 E107 | 2024-11-21 | N/A |
| e107_admin/banlist.php in e107 2.1.8 allows SQL injection via the old_ip parameter. | ||||
| CVE-2018-16388 | 1 E107 | 1 E107 | 2024-11-21 | N/A |
| e107_web/js/plupload/upload.php in e107 2.1.8 allows remote attackers to execute arbitrary PHP code by uploading a .php filename with the image/jpeg content type. | ||||
| CVE-2018-16381 | 1 E107 | 1 E107 | 2024-11-21 | N/A |
| e107 2.1.8 has XSS via the e107_admin/users.php?mode=main&action=list user_loginname parameter. | ||||