E107

E107

70 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.8

CVE-2012-6433

Exploit
  • EPSS 0.34%
  • Published 03.01.2013 11:54:26
  • Last modified 11.04.2025 00:51:21

Cross-site request forgery (CSRF) vulnerability in e107_admin/newspost.php in e107 1.0.1 allows remote attackers to hijack the authentication of administrators for requests that conduct XSS attacks via the news_title parameter in a create action.

6.8

CVE-2011-4947

  • EPSS 0.25%
  • Published 31.08.2012 22:55:01
  • Last modified 11.04.2025 00:51:21

Cross-site request forgery (CSRF) vulnerability in e107_admin/users_extended.php in e107 before 0.7.26 allows remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences via the user_i...

6.8

CVE-2011-4946

Exploit
  • EPSS 0.78%
  • Published 31.08.2012 22:55:01
  • Last modified 11.04.2025 00:51:21

SQL injection vulnerability in e107_admin/users_extended.php in e107 before 0.7.26 allows remote attackers to execute arbitrary SQL commands via the user_field parameter.

4.3

CVE-2012-3843

  • EPSS 0.29%
  • Published 03.07.2012 22:55:03
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in the registration page in e107, probably 1.0.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

6

CVE-2010-5084

  • EPSS 0.12%
  • Published 14.02.2012 20:55:02
  • Last modified 11.04.2025 00:51:21

The cross-site request forgery (CSRF) protection mechanism in e107 before 0.7.23 uses a predictable random token based on the creation date of the administrator account, which allows remote attackers to hijack the authentication of administrators for...

5.1

CVE-2011-4921

  • EPSS 0.46%
  • Published 04.01.2012 19:55:02
  • Last modified 11.04.2025 00:51:21

SQL injection vulnerability in usersettings.php in e107 0.7.26, and possibly other versions before 1.0.0, allows remote attackers to execute arbitrary SQL commands via the username parameter.

4.3

CVE-2011-4920

  • EPSS 0.5%
  • Published 04.01.2012 19:55:02
  • Last modified 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.26, and other versions before 1.0.0, allow remote attackers to inject arbitrary web script or HTML via the URL to (1) e107_images/thumb.php or (2) rate.php, (3) resend_name parameter to ...

7.5

CVE-2011-1513

Exploit
  • EPSS 1.36%
  • Published 04.11.2011 21:55:01
  • Last modified 11.04.2025 00:51:21

Static code injection vulnerability in install_.php in e107 CMS 0.7.24 and probably earlier versions, when the installation script is not removed, allows remote attackers to inject arbitrary PHP code into e107_config.php via a crafted MySQL server na...

5

CVE-2011-3731

Exploit
  • EPSS 0.28%
  • Published 23.09.2011 23:55:03
  • Last modified 11.04.2025 00:51:21

e107 0.7.24 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by e107_plugins/pdf/e107pdf.php and certain other files.

4.3

CVE-2011-0457

  • EPSS 0.25%
  • Published 15.03.2011 17:55:03
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in e107 0.7.22 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.