CVE-2018-16381
- EPSS 0.71%
- Veröffentlicht 05.09.2018 21:29:03
- Zuletzt bearbeitet 21.11.2024 03:52:38
e107 2.1.8 has XSS via the e107_admin/users.php?mode=main&action=list user_loginname parameter.
CVE-2018-15901
- EPSS 0.56%
- Veröffentlicht 28.08.2018 19:29:18
- Zuletzt bearbeitet 21.11.2024 03:51:40
e107 2.1.8 has CSRF in 'usersettings.php' with an impact of changing details such as passwords of users including administrators.
CVE-2018-11127
- EPSS 0.53%
- Veröffentlicht 15.05.2018 17:29:00
- Zuletzt bearbeitet 21.11.2024 03:42:42
e107 2.1.7 has CSRF resulting in arbitrary user deletion.
CVE-2016-10378
- EPSS 1.26%
- Veröffentlicht 29.05.2017 19:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
e107 2.1.1 allows SQL injection by remote authenticated administrators via the pagelist parameter to e107_admin/menus.php, related to the menuSaveVisibility function.
CVE-2017-8098
- EPSS 0.66%
- Veröffentlicht 24.04.2017 18:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
e107 2.1.4 is vulnerable to cross-site request forgery in plugin-installing, meta-changing, and settings-changing. A malicious web page can use forged requests to make e107 download and install a plug-in provided by the attacker.
CVE-2015-1057
- EPSS 3.23%
- Veröffentlicht 16.01.2015 15:59:07
- Zuletzt bearbeitet 06.05.2026 22:30:45
Cross-site scripting (XSS) vulnerability in usersettings.php in e107 2.0.0 allows remote attackers to inject arbitrary web script or HTML via the "Real Name" value.
CVE-2015-1041
- EPSS 2.52%
- Veröffentlicht 15.01.2015 15:59:29
- Zuletzt bearbeitet 06.05.2026 22:30:45
Cross-site scripting (XSS) vulnerability in e107_admin/filemanager.php in e107 1.0.4 allows remote attackers to inject arbitrary web script or HTML via the e107_files/ file path in the QUERY_STRING.
CVE-2014-9459
- EPSS 1.11%
- Veröffentlicht 02.01.2015 20:59:19
- Zuletzt bearbeitet 06.05.2026 22:30:45
Cross-site request forgery (CSRF) vulnerability in the AdminObserver function in e107_admin/users.php in e107 2.0 alpha2 allows remote attackers to hijack the authentication of administrators for requests that add users to the administrator group via...
CVE-2014-4734
- EPSS 1.89%
- Veröffentlicht 21.07.2014 14:55:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
Cross-site scripting (XSS) vulnerability in e107_admin/db.php in e107 2.0 alpha2 and earlier allows remote attackers to inject arbitrary web script or HTML via the type parameter.
CVE-2013-7305
- EPSS 0.96%
- Veröffentlicht 22.01.2014 19:55:06
- Zuletzt bearbeitet 29.04.2026 01:13:23
fpw.php in e107 through 1.0.4 does not check the user_ban field, which makes it easier for remote attackers to reset passwords by sending a pwsubmit request and leveraging access to the e-mail account of a banned user.