E107

E107

70 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2010-4757

Exploit
  • EPSS 0.48%
  • Veröffentlicht 15.03.2011 17:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in submitnews.php in e107 before 0.7.23 allows remote attackers to inject arbitrary web script or HTML via the submitnews_title parameter, a different vector than CVE-2008-6208. NOTE: some of these details ar...

7.5

CVE-2010-2099

Exploit
  • EPSS 0.84%
  • Veröffentlicht 27.05.2010 22:30:02
  • Zuletzt bearbeitet 11.04.2025 00:51:21

bbcode/php.bb in e107 0.7.20 and earlier does not perform access control checks for all inputs that could contain the php bbcode tag, which allows remote attackers to execute arbitrary PHP code, as demonstrated using the toEmail method in contact.php...

7.5

CVE-2010-2098

  • EPSS 0.52%
  • Veröffentlicht 27.05.2010 22:30:02
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Incomplete blacklist vulnerability in usersettings.php in e107 0.7.20 and earlier allows remote attackers to conduct SQL injection attacks via the loginname parameter.

6

CVE-2010-0996

  • EPSS 2.78%
  • Veröffentlicht 20.04.2010 16:30:00
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Unrestricted file upload vulnerability in e107 before 0.7.20 allows remote authenticated users to execute arbitrary code by uploading a .php.filetypesphp file. NOTE: the vendor disputes the significance of this issue, noting that "an odd set of pref...

3.5

CVE-2010-0997

  • EPSS 0.35%
  • Veröffentlicht 20.04.2010 16:30:00
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in 107_plugins/content/content_manager.php in the Content Management plugin in e107 before 0.7.20, when the personal content manager is enabled, allows user-assisted remote authenticated users to inject arbitr...

7.5

CVE-2009-4084

  • EPSS 0.4%
  • Veröffentlicht 29.11.2009 13:07:34
  • Zuletzt bearbeitet 09.04.2025 00:30:58

SQL injection vulnerability in the search feature in e107 0.7.16 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

4.3

CVE-2009-4083

  • EPSS 0.29%
  • Veröffentlicht 29.11.2009 13:07:34
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.16 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) submitnews.php, (2) usersettings.php; and (3) newpost.php, (4) banlist.php, (5...

4.3

CVE-2009-3444

Exploit
  • EPSS 0.43%
  • Veröffentlicht 28.09.2009 22:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in email.php in e107 0.7.16 and earlier allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header in a news.1 (aka news to email) action.

5.1

CVE-2009-1409

  • EPSS 0.2%
  • Veröffentlicht 24.04.2009 14:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

SQL injection vulnerability in usersettings.php in e107 0.7.15 and earlier, when "Extended User Fields" is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the hide parameter, a different vector ...

4.3

CVE-2008-6208

  • EPSS 0.25%
  • Veröffentlicht 20.02.2009 01:30:05
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in submitnews.php in e107 CMS 0.7.11 allows remote attackers to inject arbitrary web script or HTML via the (1) author_name, (2) itemtitle, and (3) item parameters. NOTE: the provenance of this information is...