E107

E107

77 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.6

CVE-2022-50939

Exploit
  • EPSS 0.45%
  • Veröffentlicht 13.01.2026 22:52:03
  • Zuletzt bearbeitet 20.01.2026 18:03:06

e107 CMS version 3.2.1 contains a critical file upload vulnerability that allows authenticated administrators to override arbitrary server files through path traversal. The vulnerability exists in the Media Manager's remote URL upload functionality (...

7.2

CVE-2022-50916

Exploit
  • EPSS 0.08%
  • Veröffentlicht 13.01.2026 22:51:52
  • Zuletzt bearbeitet 16.01.2026 19:16:13

e107 CMS version 3.2.1 contains a file upload vulnerability that allows authenticated administrators to override server files through the Media Manager import functionality. Attackers can exploit the upload mechanism by manipulating the upload URL pa...

7.2

CVE-2022-50907

Exploit
  • EPSS 0.3%
  • Veröffentlicht 13.01.2026 22:51:49
  • Zuletzt bearbeitet 16.01.2026 19:16:12

e107 CMS version 3.2.1 contains a file upload vulnerability that allows authenticated administrative users to bypass upload restrictions and execute PHP files. Attackers can upload malicious PHP files to parent directories by manipulating the upload ...

4.8

CVE-2022-50906

Exploit
  • EPSS 0.05%
  • Veröffentlicht 13.01.2026 22:51:48
  • Zuletzt bearbeitet 16.01.2026 19:16:12

e107 CMS 3.2.1 contains an upload restriction bypass vulnerability that allows authenticated administrators to upload malicious SVG files through the media manager. Attackers with admin privileges can exploit this vulnerability to upload SVG files wi...

6.1

CVE-2022-50905

Exploit
  • EPSS 0.04%
  • Veröffentlicht 13.01.2026 22:51:48
  • Zuletzt bearbeitet 21.01.2026 15:16:05

e107 CMS version 3.2.1 contains multiple vulnerabilities that allow cross-site scripting (XSS) attacks. The first vulnerability is a reflected XSS that occurs in the news comment functionality when authenticated users interact with the comment form. ...

8.1

CVE-2025-11941

Exploit
  • EPSS 0.13%
  • Veröffentlicht 19.10.2025 15:32:10
  • Zuletzt bearbeitet 12.01.2026 16:42:12

A vulnerability was detected in e107 CMS up to 2.3.3. This impacts an unknown function of the file /e107_admin/image.php?mode=main&action=avatar of the component Avatar Handler. Performing manipulation of the argument multiaction[] results in path tr...

6.5

CVE-2025-61505

  • EPSS 0.2%
  • Veröffentlicht 10.10.2025 00:00:00
  • Zuletzt bearbeitet 12.01.2026 16:36:43

e107 CMS thru 2.3.3 are vulnerable to insecure deserialization in the `install.php` script. The script processes user-controlled input in the `previous_steps` POST parameter using `unserialize(base64_decode())` without validation, allowing attackers ...

5.4

CVE-2023-36121

Exploit
  • EPSS 1.6%
  • Veröffentlicht 02.08.2023 00:15:18
  • Zuletzt bearbeitet 21.11.2024 08:09:18

Cross Site Scripting vulnerability in e107 v.2.3.2 allows a remote attacker to execute arbitrary code via the description function in the SEO project.

8.8

CVE-2021-27885

  • EPSS 0.34%
  • Veröffentlicht 02.03.2021 19:15:13
  • Zuletzt bearbeitet 21.11.2024 05:58:41

usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protection mechanism.

6.1

CVE-2018-11734

  • EPSS 0.22%
  • Veröffentlicht 10.07.2019 18:15:10
  • Zuletzt bearbeitet 21.11.2024 03:43:55

In e107 v2.1.7, output without filtering results in XSS.