Filtered by vendor E107
Subscribe
Total
84 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-4757 | 1 E107 | 1 E107 | 2025-04-03 | 4.6 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in the admin section in e107 0.7.5 allow remote authenticated administrative users to execute arbitrary SQL commands via the (1) linkopentype, (2) linkrender, (3) link_class, and (4) link_id parameters in (a) links.php; the (5) searchquery parameter in (b) users.php; and the (6) download_category_class parameter in (c) download.php. NOTE: an e107 developer has disputed the significance of the vulnerability, stating that "If your admins are injecting you, you might want to reconsider their access." | |||||
| CVE-2005-2805 | 1 E107 | 1 E107 | 2025-04-03 | 5.0 MEDIUM | N/A |
| forum_post.php in e107 0.6 allows remote attackers to post to non-existent forums by modifying the forum number. | |||||
| CVE-2006-0857 | 1 E107 | 2 Chatbox Plugin, E107 | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Chatbox Plugin 1.0 in e107 0.7.2 allows remote attackers to inject arbitrary HTML or web script via a Chatbox, as demonstrated using a SCRIPT element. | |||||
| CVE-2004-2040 | 1 E107 | 1 E107 | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in e107 0.615 allow remote attackers to inject arbitrary web script or HTML via the (1) LAN_407 parameter to clock_menu.php, (2) "email article to a friend" field, (3) "submit news" field, or (4) avmsg parameter to usersettings.php. | |||||
| CVE-2006-4548 | 1 E107 | 1 E107 | 2025-04-03 | 7.5 HIGH | N/A |
| e107 0.75 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code via the tinyMCE_imglib_include image/jpeg parameter in e107_handlers/tiny_mce/plugins/ibrowser/ibrowser.php, as demonstrated by a multipart/form-data request. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in e107. | |||||
| CVE-2004-2031 | 1 E107 | 1 E107 | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in user.php in e107 allows remote attackers to inject arbitrary web script or HTML via the (1) URL, (2) MSN, or (3) AIM fields. | |||||
| CVE-2005-4051 | 1 E107 | 1 E107 | 2025-04-03 | 5.0 MEDIUM | N/A |
| e107 0.6174 allows remote attackers to vote multiple times for a download via repeated requests to rate.php. | |||||
| CVE-2004-2262 | 1 E107 | 1 E107 | 2025-04-03 | 7.5 HIGH | N/A |
| ImageManager in e107 before 0.617 does not properly check the types of uploaded files, which allows remote attackers to execute arbitrary code by uploading a PHP file via the upload parameter to images.php. | |||||
| CVE-2004-2028 | 1 E107 | 1 E107 | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in stats.php in e107 allows remote attackers to inject arbitrary web script or HTML via the referer parameter to log.php. | |||||
| CVE-2004-2041 | 1 E107 | 1 E107 | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in secure_img_render.php in e107 0.615 allows remote attackers to execute arbitrary PHP code by modifying the p parameter to reference a URL on a remote web server that contains the code. | |||||
| CVE-2005-3521 | 1 E107 | 1 E107 | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in resetcore.php in e107 0.617 through 0.6173 allows remote attackers to execute arbitrary SQL commands, bypass authentication, and inject HTML or script via the (1) a_name parameter or (2) user field of the login page. | |||||
| CVE-2023-43874 | 1 E107 | 1 E107 Cms | 2024-11-21 | N/A | 5.4 MEDIUM |
| Multiple Cross Site Scripting (XSS) vulnerability in e017 CMS v.2.3.2 allows a local attacker to execute arbitrary code via a crafted script to the Copyright and Author fields in the Meta & Custom Tags Menu. | |||||
| CVE-2023-43873 | 1 E107 | 1 E107 Cms | 2024-11-21 | N/A | 5.4 MEDIUM |
| A Cross Site Scripting (XSS) vulnerability in e017 CMS v.2.3.2 allows a local attacker to execute arbitrary code via a crafted script to the Name filed in the Manage Menu. | |||||
| CVE-2023-36121 | 1 E107 | 1 E107 | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross Site Scripting vulnerability in e107 v.2.3.2 allows a remote attacker to execute arbitrary code via the description function in the SEO project. | |||||
| CVE-2021-27885 | 1 E107 | 1 E107 | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protection mechanism. | |||||
| CVE-2018-17423 | 1 E107 | 1 E107 | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in e107 v2.1.9. There is a XSS attack on e107_admin/comment.php. | |||||
| CVE-2018-17081 | 1 E107 | 1 E107 | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| e107 2.1.9 allows CSRF via e107_admin/wmessage.php?mode=&action=inline&ajax_used=1&id= for changing the title of an arbitrary page. | |||||
| CVE-2018-16389 | 1 E107 | 1 E107 | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
| e107_admin/banlist.php in e107 2.1.8 allows SQL injection via the old_ip parameter. | |||||
| CVE-2018-16388 | 1 E107 | 1 E107 | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| e107_web/js/plupload/upload.php in e107 2.1.8 allows remote attackers to execute arbitrary PHP code by uploading a .php filename with the image/jpeg content type. | |||||
| CVE-2018-16381 | 1 E107 | 1 E107 | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| e107 2.1.8 has XSS via the e107_admin/users.php?mode=main&action=list user_loginname parameter. | |||||