Known Vulnerabilities for products from E107

Listed below are 20 of the newest known vulnerabilities associated with the vendor "E107".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2023-43874 json Multiple Cross Site Scripting (XSS) vulnerability in e017 CMS v.2.3.2 allows a local attacker to execute arbitrary code via a... 5.4 - MEDIUM 2023-09-28 2023-09-29
CVE-2023-43873 json A Cross Site Scripting (XSS) vulnerability in e017 CMS v.2.3.2 allows a local attacker to execute arbitrary code via a crafte... 5.4 - MEDIUM 2023-09-28 2023-09-29
CVE-2023-36121 json Cross Site Scripting vulnerability in e107 v.2.3.2 allows a remote attacker to execute arbitrary code via the description fun... 5.4 - MEDIUM 2023-08-02 2023-08-05
CVE-2021-27885 json usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protection mechanism. 8.8 - HIGH 2021-03-02 2023-08-08
CVE-2018-17423 json An issue was discovered in e107 v2.1.9. There is a XSS attack on e107_admin/comment.php. 4.8 - MEDIUM 2019-06-19 2019-06-20
CVE-2018-17081 json e107 2.1.9 allows CSRF via e107_admin/wmessage.php?mode=&action=inline&ajax_used=1&id= for changing the title of an arbitrary... 4.3 - MEDIUM 2018-09-26 2018-11-26
CVE-2018-16389 json e107_admin/banlist.php in e107 2.1.8 allows SQL injection via the old_ip parameter. 6.5 - MEDIUM 2018-09-12 2018-11-02
CVE-2018-16388 json e107_web/js/plupload/upload.php in e107 2.1.8 allows remote attackers to execute arbitrary PHP code by uploading a .php filen... 7.2 - HIGH 2018-09-12 2018-11-02
CVE-2018-16381 json e107 2.1.8 has XSS via the e107_admin/users.php?mode=main&action=list user_loginname parameter. 6.1 - MEDIUM 2018-09-05 2018-10-29
CVE-2018-15901 json e107 2.1.8 has CSRF in 'usersettings.php' with an impact of changing details such as passwords of users including administrat... 8.8 - HIGH 2018-08-28 2018-11-02
CVE-2018-11734 json In e107 v2.1.7, output without filtering results in XSS. 6.1 - MEDIUM 2019-07-10 2019-07-17
CVE-2018-11127 json e107 2.1.7 has CSRF resulting in arbitrary user deletion. 6.5 - MEDIUM 2018-05-15 2018-06-19
CVE-2017-8098 json e107 2.1.4 is vulnerable to cross-site request forgery in plugin-installing, meta-changing, and settings-changing. A maliciou... 6.5 - MEDIUM 2017-04-24 2017-04-29
CVE-2016-10753 json e107 2.1.2 allows PHP Object Injection with resultant SQL injection, because usersettings.php uses unserialize without an HMA... 8.8 - HIGH 2019-05-24 2019-05-29
CVE-2016-10378 json e107 2.1.1 allows SQL injection by remote authenticated administrators via the pagelist parameter to e107_admin/menus.php, re... 7.2 - HIGH 2017-05-29 2017-06-07
CVE-2015-1057 json Cross-site scripting (XSS) vulnerability in usersettings.php in e107 2.0.0 allows remote attackers to inject arbitrary web sc... 4.3 - MEDIUM 2015-01-16 2017-09-08
CVE-2015-1041 json Cross-site scripting (XSS) vulnerability in e107_admin/filemanager.php in e107 1.0.4 allows remote attackers to inject arbitr... 4.3 - MEDIUM 2015-01-15 2017-09-08
CVE-2014-9459 json Cross-site request forgery (CSRF) vulnerability in the AdminObserver function in e107_admin/users.php in e107 2.0 alpha2 allo... 6.8 - MEDIUM 2015-01-02 2015-01-14
CVE-2014-4734 json Cross-site scripting (XSS) vulnerability in e107_admin/db.php in e107 2.0 alpha2 and earlier allows remote attackers to injec... 4.3 - MEDIUM 2014-07-21 2018-10-09
CVE-2013-7305 json fpw.php in e107 through 1.0.4 does not check the user_ban field, which makes it easier for remote attackers to reset password... 4.3 - MEDIUM 2014-01-22 2014-01-23
Results limited to 20 most recent vulnerabilities

Known software with vulnerabilities from E107

Type Vendor Product Version
ApplicationE107E107-