E107

E107

70 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2008-5320

Exploit
  • EPSS 0.32%
  • Veröffentlicht 03.12.2008 19:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

SQL injection vulnerability in usersettings.php in e107 0.7.13 and earlier allows remote authenticated users to execute arbitrary SQL commands via the ue[] parameter.

7.5

CVE-2008-2020

  • EPSS 0.52%
  • Veröffentlicht 30.04.2008 01:07:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

The CAPTCHA implementation as used in (1) Francisco Burzi PHP-Nuke 7.0 and 8.1, (2) my123tkShop e-Commerce-Suite (aka 123tkShop) 0.9.1, (3) phpMyBitTorrent 1.2.2, (4) TorrentFlux 2.3, (5) e107 0.7.11, (6) WebZE 0.5.9, (7) Open Media Collectors Databa...

10

CVE-2008-1989

Exploit
  • EPSS 1.8%
  • Veröffentlicht 27.04.2008 21:05:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

PHP remote file inclusion vulnerability in 123flashchat.php in the 123 Flash Chat 6.8.0 module for e107, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the e107path parameter.

6.8

CVE-2007-3429

  • EPSS 2.55%
  • Veröffentlicht 27.06.2007 00:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Unrestricted file upload vulnerability in signup.php in e107 0.7.8 and earlier, when photograph upload is enabled, allows remote attackers to upload and execute arbitrary PHP code via a filename with a double extension such as .php.jpg.

7.5

CVE-2006-5786

Exploit
  • EPSS 4.7%
  • Veröffentlicht 07.11.2006 23:07:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Directory traversal vulnerability in class2.php in e107 0.7.5 and earlier allows remote attackers to read and execute PHP code in arbitrary files via ".." sequences in the e107language_e107cookie cookie to gsitemap.php.

4.3

CVE-2006-4794

Exploit
  • EPSS 1.26%
  • Veröffentlicht 14.09.2006 21:07:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the query string (PATH_INFO) in (1) contact.php, (2) download.php, (3) admin.php, (4) fpw.php, (5) news.php, (6) searc...

4.6

CVE-2006-4757

  • EPSS 0.41%
  • Veröffentlicht 13.09.2006 23:07:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Multiple SQL injection vulnerabilities in the admin section in e107 0.7.5 allow remote authenticated administrative users to execute arbitrary SQL commands via the (1) linkopentype, (2) linkrender, (3) link_class, and (4) link_id parameters in (a) li...

7.5

CVE-2006-4548

Exploit
  • EPSS 1.5%
  • Veröffentlicht 06.09.2006 00:04:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

e107 0.75 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code via the tinyMCE_imglib_...

4.3

CVE-2006-3259

Exploit
  • EPSS 6.22%
  • Veröffentlicht 27.06.2006 21:05:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the (1) ep parameter to search.php and the (2) subject parameter in comment.php (aka the Subject field when posting a ...

5

CVE-2006-2591

  • EPSS 0.4%
  • Veröffentlicht 25.05.2006 10:02:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Unspecified vulnerability in e107 before 0.7.5 has unknown impact and remote attack vectors related to an "emailing exploit".