Known Vulnerabilities for products from E107
Listed below are 20 of the newest known vulnerabilities associated with the vendor "E107".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-46620 json | Not Provided | 2026-05-26 | 2026-05-27 | |
| CVE-2026-43936 json | Not Provided | 2026-05-26 | 2026-05-26 | |
| CVE-2026-43935 json | Not Provided | 2026-05-26 | 2026-05-26 | |
| CVE-2026-43934 json | Not Provided | 2026-05-26 | 2026-05-26 | |
| CVE-2025-11941 json | A vulnerability was detected in e107 CMS up to 2.3.3. This impacts an unknown function of the file /e107_admin/image.php?mode... | Not Provided | 2025-10-19 | 2026-04-29 |
| CVE-2023-43874 json | Multiple Cross Site Scripting (XSS) vulnerability in e017 CMS v.2.3.2 allows a local attacker to execute arbitrary code via a... | 5.4 - MEDIUM | 2023-09-28 | 2023-09-29 |
| CVE-2023-43873 json | A Cross Site Scripting (XSS) vulnerability in e017 CMS v.2.3.2 allows a local attacker to execute arbitrary code via a crafte... | 5.4 - MEDIUM | 2023-09-28 | 2023-09-29 |
| CVE-2023-36121 json | Cross Site Scripting vulnerability in e107 v.2.3.2 allows a remote attacker to execute arbitrary code via the description fun... | 5.4 - MEDIUM | 2023-08-02 | 2023-08-05 |
| CVE-2021-47937 json | Not Provided | 2026-05-10 | 2026-05-12 | |
| CVE-2021-27885 json | usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protection mechanism. | 8.8 - HIGH | 2021-03-02 | 2023-08-08 |
| CVE-2018-17423 json | An issue was discovered in e107 v2.1.9. There is a XSS attack on e107_admin/comment.php. | 4.8 - MEDIUM | 2019-06-19 | 2019-06-20 |
| CVE-2018-17081 json | e107 2.1.9 allows CSRF via e107_admin/wmessage.php?mode=&action=inline&ajax_used=1&id= for changing the title of an arbitrary... | 4.3 - MEDIUM | 2018-09-26 | 2018-11-26 |
| CVE-2018-16389 json | e107_admin/banlist.php in e107 2.1.8 allows SQL injection via the old_ip parameter. | 6.5 - MEDIUM | 2018-09-12 | 2018-11-02 |
| CVE-2018-16388 json | e107_web/js/plupload/upload.php in e107 2.1.8 allows remote attackers to execute arbitrary PHP code by uploading a .php filen... | 7.2 - HIGH | 2018-09-12 | 2018-11-02 |
| CVE-2018-16381 json | e107 2.1.8 has XSS via the e107_admin/users.php?mode=main&action=list user_loginname parameter. | 6.1 - MEDIUM | 2018-09-05 | 2018-10-29 |
| CVE-2018-15901 json | e107 2.1.8 has CSRF in 'usersettings.php' with an impact of changing details such as passwords of users including administrat... | 8.8 - HIGH | 2018-08-28 | 2018-11-02 |
| CVE-2018-11734 json | In e107 v2.1.7, output without filtering results in XSS. | 6.1 - MEDIUM | 2019-07-10 | 2019-07-17 |
| CVE-2018-11127 json | e107 2.1.7 has CSRF resulting in arbitrary user deletion. | 6.5 - MEDIUM | 2018-05-15 | 2018-06-19 |
| CVE-2017-8098 json | e107 2.1.4 is vulnerable to cross-site request forgery in plugin-installing, meta-changing, and settings-changing. A maliciou... | Not Provided | 2017-04-24 | 2025-04-20 |
| CVE-2016-10753 json | e107 2.1.2 allows PHP Object Injection with resultant SQL injection, because usersettings.php uses unserialize without an HMA... | 8.8 - HIGH | 2019-05-24 | 2019-05-29 |
Known software with vulnerabilities from E107
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | E107 | E107 | - |