Description
e107 CMS 2.3.0 contains a remote code execution vulnerability that allows authenticated users with theme installation permissions to execute arbitrary commands by uploading malicious theme files. Attackers can upload a crafted theme package through the theme.php endpoint that deploys a web shell to the e107_themes directory, then execute system commands via the payload.php script.
Published: 2026-05-10
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

e107 CMS 2.3.0 contains a flaw that allows authenticated users with theme installation rights to upload a crafted theme package via the theme.php endpoint, which deploys a web shell and lets attackers execute arbitrary system commands through payload.php. This vulnerability enables remote code execution and poses a high risk of full system compromise, classified as CWE-434 due to an unrestricted upload of potentially dangerous files.

Affected Systems

The affected product is e107 CMS 2.3.0. Only this specific version is known to contain the flaw; according to the available data, earlier versions are not affected.

Risk and Exploitability

The CVSS score of 8.7 classifies the issue as high severity, giving attackers the ability to run commands on the host if they possess theme upload privileges. The EPSS score is not available, so the current exploitation probability is unclear, but the vulnerability is not listed in the CISA KEV catalog. Attackers must first authenticate to the CMS and have permission to upload themes, after which the malicious upload directly exposes the server to remote code execution.

Generated by OpenCVE AI on May 10, 2026 at 14:55 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor’s latest patch or upgrade to a version of e107 CMS that removes the theme upload remote code execution flaw.
  • If a patch is not immediately available, revoke theme installation rights from all users except those who absolutely require them, or disable the theme upload functionality entirely.
  • Implement stricter file type validation on the theme upload endpoint so only signed or whitelisted theme packages can be accepted, preventing the deployment of malicious files.
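One way to implement the third recommendation, as an added example that is not part of this advisory or of e107's own code: a Python check that accepts an uploaded theme archive only when its SHA-256 digest is on an operator-maintained allowlist and every entry would extract inside the theme directory. The allowlist contents, the suspicious-extension set, the helper names and the sample archives are assumptions constructed for the example.

```python
import hashlib
import io
import posixpath
import zipfile

# Assumption: e107 themes ship .php/.xml/asset files only, so these variants are suspicious.
SUSPICIOUS_EXTENSIONS = {".phtml", ".phar", ".php3", ".php5", ".phps"}

def package_digest(data: bytes) -> str:
    """SHA-256 of the whole uploaded archive, compared against the operator allowlist."""
    return hashlib.sha256(data).hexdigest()

def unsafe_path(name: str) -> bool:
    """True if extracting this zip entry could write outside the theme directory."""
    if name.startswith("/") or "\\" in name or "\x00" in name:
        return True
    parts = posixpath.normpath(name).split("/")
    return ".." in parts or ":" in parts[0]

def check_theme_package(data: bytes, approved_digests: set) -> list:
    """Return the reasons to reject the upload; an empty list means accept."""
    problems = []
    digest = package_digest(data)
    if digest not in approved_digests:
        problems.append("package digest not on the approved list: " + digest)
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return problems + ["upload is not a valid zip archive"]
    with archive:
        for info in archive.infolist():
            if unsafe_path(info.filename):
                problems.append("unsafe entry path: " + info.filename)
            if posixpath.splitext(info.filename)[1].lower() in SUSPICIOUS_EXTENSIONS:
                problems.append("suspicious script entry: " + info.filename)
    return problems

def build_zip(entries: dict) -> bytes:
    """Build a constructed in-memory archive for the samples below (not a real theme)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in entries.items():
            zf.writestr(name, body)
    return buf.getvalue()

# Constructed samples: an approved theme, and an archive whose extra entry would
# escape the theme directory on extraction (its contents are a placeholder).
GOOD_THEME = build_zip({"mytheme/theme.xml": "<e107Theme/>", "mytheme/theme.php": "<?php // theme"})
APPROVED = {package_digest(GOOD_THEME)}
BAD_THEME = build_zip({"mytheme/theme.php": "<?php // theme", "../../payload.php": "<?php // placeholder"})
```

Because the digest check runs before the archive is opened, an upload that is not on the allowlist is rejected even when every entry path looks clean.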

Advisories

No advisories yet.

History

Sun, 10 May 2026 13:00:00 +0000

Type | Values Removed | Values Added
Description | | e107 CMS 2.3.0 contains a remote code execution vulnerability that allows authenticated users with theme installation permissions to execute arbitrary commands by uploading malicious theme files. Attackers can upload a crafted theme package through the theme.php endpoint that deploys a web shell to the e107_themes directory, then execute system commands via the payload.php script.
Title | | e107 CMS 2.3.0 Authenticated Remote Code Execution via Theme Upload
First Time appeared | | E107; E107 e107 Cms
Weaknesses | | CWE-434
CPEs | | cpe:2.3:a:e107:e107_cms:2.3.0:*:*:*:*:*:*:*
Vendors & Products | | E107; E107 e107 Cms
References | |
Metrics | | cvssV3_1 {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}; cvssV4_0 {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-10T12:43:55.715Z

Reserved: 2026-02-01T11:24:18.717Z

Link: CVE-2021-47937

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-10T13:16:29.960

Modified: 2026-05-10T13:16:29.960

Link: CVE-2021-47937

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-10T15:45:14Z

Weaknesses