E107

E107

70 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2008-5320

Exploit
  • EPSS 0.32%
  • Published 03.12.2008 19:30:00
  • Last modified 09.04.2025 00:30:58

SQL injection vulnerability in usersettings.php in e107 0.7.13 and earlier allows remote authenticated users to execute arbitrary SQL commands via the ue[] parameter.

7.5

CVE-2008-2020

  • EPSS 0.52%
  • Published 30.04.2008 01:07:00
  • Last modified 09.04.2025 00:30:58

The CAPTCHA implementation as used in (1) Francisco Burzi PHP-Nuke 7.0 and 8.1, (2) my123tkShop e-Commerce-Suite (aka 123tkShop) 0.9.1, (3) phpMyBitTorrent 1.2.2, (4) TorrentFlux 2.3, (5) e107 0.7.11, (6) WebZE 0.5.9, (7) Open Media Collectors Databa...

10

CVE-2008-1989

Exploit
  • EPSS 1.8%
  • Published 27.04.2008 21:05:00
  • Last modified 09.04.2025 00:30:58

PHP remote file inclusion vulnerability in 123flashchat.php in the 123 Flash Chat 6.8.0 module for e107, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the e107path parameter.

6.8

CVE-2007-3429

  • EPSS 2.55%
  • Published 27.06.2007 00:30:00
  • Last modified 09.04.2025 00:30:58

Unrestricted file upload vulnerability in signup.php in e107 0.7.8 and earlier, when photograph upload is enabled, allows remote attackers to upload and execute arbitrary PHP code via a filename with a double extension such as .php.jpg.

7.5

CVE-2006-5786

Exploit
  • EPSS 4.7%
  • Published 07.11.2006 23:07:00
  • Last modified 09.04.2025 00:30:58

Directory traversal vulnerability in class2.php in e107 0.7.5 and earlier allows remote attackers to read and execute PHP code in arbitrary files via ".." sequences in the e107language_e107cookie cookie to gsitemap.php.

4.3

CVE-2006-4794

Exploit
  • EPSS 1.26%
  • Published 14.09.2006 21:07:00
  • Last modified 03.04.2025 01:03:51

Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the query string (PATH_INFO) in (1) contact.php, (2) download.php, (3) admin.php, (4) fpw.php, (5) news.php, (6) searc...

4.6

CVE-2006-4757

  • EPSS 0.41%
  • Published 13.09.2006 23:07:00
  • Last modified 03.04.2025 01:03:51

Multiple SQL injection vulnerabilities in the admin section in e107 0.7.5 allow remote authenticated administrative users to execute arbitrary SQL commands via the (1) linkopentype, (2) linkrender, (3) link_class, and (4) link_id parameters in (a) li...

7.5

CVE-2006-4548

Exploit
  • EPSS 1.5%
  • Published 06.09.2006 00:04:00
  • Last modified 03.04.2025 01:03:51

e107 0.75 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code via the tinyMCE_imglib_...

4.3

CVE-2006-3259

Exploit
  • EPSS 6.22%
  • Published 27.06.2006 21:05:00
  • Last modified 03.04.2025 01:03:51

Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the (1) ep parameter to search.php and the (2) subject parameter in comment.php (aka the Subject field when posting a ...

5

CVE-2006-2591

  • EPSS 0.4%
  • Published 25.05.2006 10:02:00
  • Last modified 03.04.2025 01:03:51

Unspecified vulnerability in e107 before 0.7.5 has unknown impact and remote attack vectors related to an "emailing exploit".