Filtered by vendor E107
Subscriptions
Filtered by product E107
Subscriptions
Total
82 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2010-0996 | 1 E107 | 1 E107 | 2024-08-07 | N/A |
Unrestricted file upload vulnerability in e107 before 0.7.20 allows remote authenticated users to execute arbitrary code by uploading a .php.filetypesphp file. NOTE: the vendor disputes the significance of this issue, noting that "an odd set of preferences and a missing file" are required. | ||||
CVE-2010-0997 | 1 E107 | 1 E107 | 2024-08-07 | N/A |
Cross-site scripting (XSS) vulnerability in 107_plugins/content/content_manager.php in the Content Management plugin in e107 before 0.7.20, when the personal content manager is enabled, allows user-assisted remote authenticated users to inject arbitrary web script or HTML via the content_heading parameter. | ||||
CVE-2011-4946 | 1 E107 | 1 E107 | 2024-08-07 | N/A |
SQL injection vulnerability in e107_admin/users_extended.php in e107 before 0.7.26 allows remote attackers to execute arbitrary SQL commands via the user_field parameter. | ||||
CVE-2011-4947 | 1 E107 | 1 E107 | 2024-08-07 | N/A |
Cross-site request forgery (CSRF) vulnerability in e107_admin/users_extended.php in e107 before 0.7.26 allows remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences via the user_include parameter. | ||||
CVE-2011-4920 | 1 E107 | 1 E107 | 2024-08-07 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.26, and other versions before 1.0.0, allow remote attackers to inject arbitrary web script or HTML via the URL to (1) e107_images/thumb.php or (2) rate.php, (3) resend_name parameter to e107_admin/users.php, and (4) link BBCode in user signatures. | ||||
CVE-2011-4921 | 1 E107 | 1 E107 | 2024-08-07 | N/A |
SQL injection vulnerability in usersettings.php in e107 0.7.26, and possibly other versions before 1.0.0, allows remote attackers to execute arbitrary SQL commands via the username parameter. | ||||
CVE-2011-1513 | 1 E107 | 1 E107 | 2024-08-06 | N/A |
Static code injection vulnerability in install_.php in e107 CMS 0.7.24 and probably earlier versions, when the installation script is not removed, allows remote attackers to inject arbitrary PHP code into e107_config.php via a crafted MySQL server name. | ||||
CVE-2012-3843 | 1 E107 | 1 E107 | 2024-08-06 | N/A |
Cross-site scripting (XSS) vulnerability in the registration page in e107, probably 1.0.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2013-2750 | 1 E107 | 1 E107 | 2024-08-06 | N/A |
Cross-site scripting (XSS) vulnerability in e107_plugins/content/handlers/content_preset.php in e107 before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the query string. | ||||
CVE-2014-9459 | 1 E107 | 1 E107 | 2024-08-06 | N/A |
Cross-site request forgery (CSRF) vulnerability in the AdminObserver function in e107_admin/users.php in e107 2.0 alpha2 allows remote attackers to hijack the authentication of administrators for requests that add users to the administrator group via the id parameter in an admin action. | ||||
CVE-2014-4734 | 1 E107 | 1 E107 | 2024-08-06 | N/A |
Cross-site scripting (XSS) vulnerability in e107_admin/db.php in e107 2.0 alpha2 and earlier allows remote attackers to inject arbitrary web script or HTML via the type parameter. | ||||
CVE-2015-1057 | 1 E107 | 1 E107 | 2024-08-06 | N/A |
Cross-site scripting (XSS) vulnerability in usersettings.php in e107 2.0.0 allows remote attackers to inject arbitrary web script or HTML via the "Real Name" value. | ||||
CVE-2015-1041 | 1 E107 | 1 E107 | 2024-08-06 | N/A |
Cross-site scripting (XSS) vulnerability in e107_admin/filemanager.php in e107 1.0.4 allows remote attackers to inject arbitrary web script or HTML via the e107_files/ file path in the QUERY_STRING. | ||||
CVE-2016-10753 | 1 E107 | 1 E107 | 2024-08-06 | N/A |
e107 2.1.2 allows PHP Object Injection with resultant SQL injection, because usersettings.php uses unserialize without an HMAC. | ||||
CVE-2018-17423 | 1 E107 | 1 E107 | 2024-08-05 | N/A |
An issue was discovered in e107 v2.1.9. There is a XSS attack on e107_admin/comment.php. | ||||
CVE-2018-17081 | 1 E107 | 1 E107 | 2024-08-05 | N/A |
e107 2.1.9 allows CSRF via e107_admin/wmessage.php?mode=&action=inline&ajax_used=1&id= for changing the title of an arbitrary page. | ||||
CVE-2018-16381 | 1 E107 | 1 E107 | 2024-08-05 | N/A |
e107 2.1.8 has XSS via the e107_admin/users.php?mode=main&action=list user_loginname parameter. | ||||
CVE-2018-16388 | 1 E107 | 1 E107 | 2024-08-05 | N/A |
e107_web/js/plupload/upload.php in e107 2.1.8 allows remote attackers to execute arbitrary PHP code by uploading a .php filename with the image/jpeg content type. | ||||
CVE-2018-16389 | 1 E107 | 1 E107 | 2024-08-05 | N/A |
e107_admin/banlist.php in e107 2.1.8 allows SQL injection via the old_ip parameter. | ||||
CVE-2018-15901 | 1 E107 | 1 E107 | 2024-08-05 | N/A |
e107 2.1.8 has CSRF in 'usersettings.php' with an impact of changing details such as passwords of users including administrators. |