E107

E107

77 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2012-3843

  • EPSS 0.29%
  • Veröffentlicht 03.07.2012 22:55:03
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in the registration page in e107, probably 1.0.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

6

CVE-2010-5084

  • EPSS 0.12%
  • Veröffentlicht 14.02.2012 20:55:02
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The cross-site request forgery (CSRF) protection mechanism in e107 before 0.7.23 uses a predictable random token based on the creation date of the administrator account, which allows remote attackers to hijack the authentication of administrators for...

5.1

CVE-2011-4921

  • EPSS 0.46%
  • Veröffentlicht 04.01.2012 19:55:02
  • Zuletzt bearbeitet 11.04.2025 00:51:21

SQL injection vulnerability in usersettings.php in e107 0.7.26, and possibly other versions before 1.0.0, allows remote attackers to execute arbitrary SQL commands via the username parameter.

4.3

CVE-2011-4920

  • EPSS 0.5%
  • Veröffentlicht 04.01.2012 19:55:02
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.26, and other versions before 1.0.0, allow remote attackers to inject arbitrary web script or HTML via the URL to (1) e107_images/thumb.php or (2) rate.php, (3) resend_name parameter to ...

7.5

CVE-2011-1513

Exploit
  • EPSS 1.35%
  • Veröffentlicht 04.11.2011 21:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Static code injection vulnerability in install_.php in e107 CMS 0.7.24 and probably earlier versions, when the installation script is not removed, allows remote attackers to inject arbitrary PHP code into e107_config.php via a crafted MySQL server na...

5

CVE-2011-3731

Exploit
  • EPSS 0.28%
  • Veröffentlicht 23.09.2011 23:55:03
  • Zuletzt bearbeitet 11.04.2025 00:51:21

e107 0.7.24 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by e107_plugins/pdf/e107pdf.php and certain other files.

4.3

CVE-2011-0457

  • EPSS 0.25%
  • Veröffentlicht 15.03.2011 17:55:03
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in e107 0.7.22 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3

CVE-2010-4757

Exploit
  • EPSS 0.48%
  • Veröffentlicht 15.03.2011 17:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in submitnews.php in e107 before 0.7.23 allows remote attackers to inject arbitrary web script or HTML via the submitnews_title parameter, a different vector than CVE-2008-6208. NOTE: some of these details ar...

7.5

CVE-2010-2099

Exploit
  • EPSS 0.84%
  • Veröffentlicht 27.05.2010 22:30:02
  • Zuletzt bearbeitet 11.04.2025 00:51:21

bbcode/php.bb in e107 0.7.20 and earlier does not perform access control checks for all inputs that could contain the php bbcode tag, which allows remote attackers to execute arbitrary PHP code, as demonstrated using the toEmail method in contact.php...

7.5

CVE-2010-2098

  • EPSS 0.52%
  • Veröffentlicht 27.05.2010 22:30:02
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Incomplete blacklist vulnerability in usersettings.php in e107 0.7.20 and earlier allows remote attackers to conduct SQL injection attacks via the loginname parameter.