4.3
CVE-2026-43936
- EPSS 0.19%
- Veröffentlicht 26.05.2026 14:51:49
- Zuletzt bearbeitet 26.05.2026 19:26:42
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
e107: Server-Side Request Forgery (SSRF) in the remote file fetcher
e107 is a content management system (CMS). Prior to 2.3.4, you can access the local environment by specifying the URL of the local environment from "Image/File URL:" of "From a remote location" in "Media Manager" on the administrator screen. This vulnerability is fixed in 2.3.4.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
Herstellere107inc
≫
Produkt
e107
Version
< 2.3.4
Status
affected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.19% | 0.09 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security-advisories@github.com | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
CWE-918 Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
https://github.com/e107inc/e107/security/advisories/GHSA-92fr-7h4f-22pp
https://github.com/e107inc/e107/commit/40b2d111
https://github.com/e107inc/e107/commit/5f98cc9f