ReportizFlow
Filtered by vendor E107
Subscriptions
Filtered by product E107
Subscriptions
Total
94 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-3731 | 1 E107 | 1 E107 | 2025-04-11 | N/A |
| e107 0.7.24 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by e107_plugins/pdf/e107pdf.php and certain other files. | ||||
| CVE-2011-4920 | 1 E107 | 1 E107 | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.26, and other versions before 1.0.0, allow remote attackers to inject arbitrary web script or HTML via the URL to (1) e107_images/thumb.php or (2) rate.php, (3) resend_name parameter to e107_admin/users.php, and (4) link BBCode in user signatures. | ||||
| CVE-2011-4946 | 1 E107 | 1 E107 | 2025-04-11 | N/A |
| SQL injection vulnerability in e107_admin/users_extended.php in e107 before 0.7.26 allows remote attackers to execute arbitrary SQL commands via the user_field parameter. | ||||
| CVE-2023-36121 | 1 E107 | 1 E107 | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting vulnerability in e107 v.2.3.2 allows a remote attacker to execute arbitrary code via the description function in the SEO project. | ||||
| CVE-2021-27885 | 1 E107 | 1 E107 | 2024-11-21 | 8.8 High |
| usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protection mechanism. | ||||
| CVE-2018-17423 | 1 E107 | 1 E107 | 2024-11-21 | N/A |
| An issue was discovered in e107 v2.1.9. There is a XSS attack on e107_admin/comment.php. | ||||
| CVE-2018-17081 | 1 E107 | 1 E107 | 2024-11-21 | N/A |
| e107 2.1.9 allows CSRF via e107_admin/wmessage.php?mode=&action=inline&ajax_used=1&id= for changing the title of an arbitrary page. | ||||
| CVE-2018-16389 | 1 E107 | 1 E107 | 2024-11-21 | N/A |
| e107_admin/banlist.php in e107 2.1.8 allows SQL injection via the old_ip parameter. | ||||
| CVE-2018-16388 | 1 E107 | 1 E107 | 2024-11-21 | N/A |
| e107_web/js/plupload/upload.php in e107 2.1.8 allows remote attackers to execute arbitrary PHP code by uploading a .php filename with the image/jpeg content type. | ||||
| CVE-2018-16381 | 1 E107 | 1 E107 | 2024-11-21 | N/A |
| e107 2.1.8 has XSS via the e107_admin/users.php?mode=main&action=list user_loginname parameter. | ||||
| CVE-2018-15901 | 1 E107 | 1 E107 | 2024-11-21 | N/A |
| e107 2.1.8 has CSRF in 'usersettings.php' with an impact of changing details such as passwords of users including administrators. | ||||
| CVE-2018-11734 | 1 E107 | 1 E107 | 2024-11-21 | N/A |
| In e107 v2.1.7, output without filtering results in XSS. | ||||
| CVE-2018-11127 | 1 E107 | 1 E107 | 2024-11-21 | N/A |
| e107 2.1.7 has CSRF resulting in arbitrary user deletion. | ||||
| CVE-2016-10753 | 1 E107 | 1 E107 | 2024-11-21 | N/A |
| e107 2.1.2 allows PHP Object Injection with resultant SQL injection, because usersettings.php uses unserialize without an HMAC. | ||||