CVE-2013-2750
- EPSS 3.22%
- Veröffentlicht 22.01.2014 19:55:02
- Zuletzt bearbeitet 29.04.2026 01:13:23
Cross-site scripting (XSS) vulnerability in e107_plugins/content/handlers/content_preset.php in e107 before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the query string.
CVE-2012-6434
- EPSS 1.44%
- Veröffentlicht 03.01.2013 11:54:26
- Zuletzt bearbeitet 16.06.2026 23:48:05
Multiple cross-site request forgery (CSRF) vulnerabilities in e107_admin/download.php in e107 1.0.2 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the (1) download_url, (2) do...
CVE-2012-6433
- EPSS 1.96%
- Veröffentlicht 03.01.2013 11:54:26
- Zuletzt bearbeitet 16.06.2026 23:48:05
Cross-site request forgery (CSRF) vulnerability in e107_admin/newspost.php in e107 1.0.1 allows remote attackers to hijack the authentication of administrators for requests that conduct XSS attacks via the news_title parameter in a create action.
CVE-2011-4947
- EPSS 0.68%
- Veröffentlicht 31.08.2012 22:55:01
- Zuletzt bearbeitet 16.06.2026 23:35:40
Cross-site request forgery (CSRF) vulnerability in e107_admin/users_extended.php in e107 before 0.7.26 allows remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences via the user_i...
CVE-2011-4946
- EPSS 1.46%
- Veröffentlicht 31.08.2012 22:55:01
- Zuletzt bearbeitet 16.06.2026 23:35:40
SQL injection vulnerability in e107_admin/users_extended.php in e107 before 0.7.26 allows remote attackers to execute arbitrary SQL commands via the user_field parameter.
CVE-2012-3843
- EPSS 1.16%
- Veröffentlicht 03.07.2012 22:55:03
- Zuletzt bearbeitet 16.06.2026 23:43:59
Cross-site scripting (XSS) vulnerability in the registration page in e107, probably 1.0.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- EPSS 0.53%
- Veröffentlicht 14.02.2012 20:55:02
- Zuletzt bearbeitet 16.06.2026 23:26:06
The cross-site request forgery (CSRF) protection mechanism in e107 before 0.7.23 uses a predictable random token based on the creation date of the administrator account, which allows remote attackers to hijack the authentication of administrators for...
CVE-2011-4921
- EPSS 1.09%
- Veröffentlicht 04.01.2012 19:55:02
- Zuletzt bearbeitet 16.06.2026 23:35:38
SQL injection vulnerability in usersettings.php in e107 0.7.26, and possibly other versions before 1.0.0, allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2011-4920
- EPSS 1.34%
- Veröffentlicht 04.01.2012 19:55:02
- Zuletzt bearbeitet 16.06.2026 23:35:37
Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.26, and other versions before 1.0.0, allow remote attackers to inject arbitrary web script or HTML via the URL to (1) e107_images/thumb.php or (2) rate.php, (3) resend_name parameter to ...
CVE-2011-1513
- EPSS 5.79%
- Veröffentlicht 04.11.2011 21:55:01
- Zuletzt bearbeitet 16.06.2026 23:29:31
Static code injection vulnerability in install_.php in e107 CMS 0.7.24 and probably earlier versions, when the installation script is not removed, allows remote attackers to inject arbitrary PHP code into e107_config.php via a crafted MySQL server na...