CVE-2026-48997
- EPSS 0.75%
- Veröffentlicht 17.06.2026 21:42:59
- Zuletzt bearbeitet 23.06.2026 15:44:39
e107 is a content management system (CMS). Versions 2.3.5 and earlier contain a command injection vulnerability in the ImageMagick resize destination path. In resize_image(), the source path is escaped with escapeshellarg(), but the destination path...
CVE-2026-46620
- EPSS 0.13%
- Veröffentlicht 26.05.2026 15:04:32
- Zuletzt bearbeitet 27.05.2026 17:16:40
e107 is a content management system (CMS). Prior to 2.3.5, e107 CMS does not properly enforce CSRF token validation on comment moderation actions. The problem comes down to how session_handler::check() handles CSRF tokens. Instead of requiring a toke...
CVE-2026-43935
- EPSS 0.3%
- Veröffentlicht 26.05.2026 15:01:36
- Zuletzt bearbeitet 26.05.2026 19:26:42
e107 is a content management system (CMS). Prior to 2.3.4, a Host Header Injection vulnerability in the password reset page allows attackers to manipulate the Host header to generate password reset links pointing to attacker-controlled domains. This ...
CVE-2026-43934
- EPSS 0.18%
- Veröffentlicht 26.05.2026 14:54:21
- Zuletzt bearbeitet 26.05.2026 19:29:28
e107 is a content management system (CMS). Prior to 2.3.4, a Broken Access Control vulnerability exists in the application, allowing an unauthorized authenticated user to edit comments posted by others. This stems from inadequate server-side access c...
CVE-2026-43936
- EPSS 0.19%
- Veröffentlicht 26.05.2026 14:51:49
- Zuletzt bearbeitet 26.05.2026 19:26:42
e107 is a content management system (CMS). Prior to 2.3.4, you can access the local environment by specifying the URL of the local environment from "Image/File URL:" of "From a remote location" in "Media Manager" on the administrator screen. This vul...
CVE-2022-50939
- EPSS 1.09%
- Veröffentlicht 13.01.2026 22:52:03
- Zuletzt bearbeitet 20.01.2026 18:03:06
e107 CMS version 3.2.1 contains a critical file upload vulnerability that allows authenticated administrators to override arbitrary server files through path traversal. The vulnerability exists in the Media Manager's remote URL upload functionality (...
CVE-2022-50916
- EPSS 0.8%
- Veröffentlicht 13.01.2026 22:51:52
- Zuletzt bearbeitet 16.01.2026 19:16:13
e107 CMS version 3.2.1 contains a file upload vulnerability that allows authenticated administrators to override server files through the Media Manager import functionality. Attackers can exploit the upload mechanism by manipulating the upload URL pa...
CVE-2022-50907
- EPSS 1.05%
- Veröffentlicht 13.01.2026 22:51:49
- Zuletzt bearbeitet 16.01.2026 19:16:12
e107 CMS version 3.2.1 contains a file upload vulnerability that allows authenticated administrative users to bypass upload restrictions and execute PHP files. Attackers can upload malicious PHP files to parent directories by manipulating the upload ...
CVE-2022-50906
- EPSS 0.35%
- Veröffentlicht 13.01.2026 22:51:48
- Zuletzt bearbeitet 16.01.2026 19:16:12
e107 CMS 3.2.1 contains an upload restriction bypass vulnerability that allows authenticated administrators to upload malicious SVG files through the media manager. Attackers with admin privileges can exploit this vulnerability to upload SVG files wi...
CVE-2022-50905
- EPSS 0.57%
- Veröffentlicht 13.01.2026 22:51:48
- Zuletzt bearbeitet 21.01.2026 15:16:05
e107 CMS version 3.2.1 contains multiple vulnerabilities that allow cross-site scripting (XSS) attacks. The first vulnerability is a reflected XSS that occurs in the news comment functionality when authenticated users interact with the comment form. ...