E107

E107

77 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
3.5

CVE-2010-0997

  • EPSS 0.35%
  • Veröffentlicht 20.04.2010 16:30:00
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in 107_plugins/content/content_manager.php in the Content Management plugin in e107 before 0.7.20, when the personal content manager is enabled, allows user-assisted remote authenticated users to inject arbitr...

6

CVE-2010-0996

  • EPSS 2.78%
  • Veröffentlicht 20.04.2010 16:30:00
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Unrestricted file upload vulnerability in e107 before 0.7.20 allows remote authenticated users to execute arbitrary code by uploading a .php.filetypesphp file. NOTE: the vendor disputes the significance of this issue, noting that "an odd set of pref...

7.5

CVE-2009-4084

  • EPSS 0.4%
  • Veröffentlicht 29.11.2009 13:07:34
  • Zuletzt bearbeitet 09.04.2025 00:30:58

SQL injection vulnerability in the search feature in e107 0.7.16 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

4.3

CVE-2009-4083

  • EPSS 0.29%
  • Veröffentlicht 29.11.2009 13:07:34
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.16 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) submitnews.php, (2) usersettings.php; and (3) newpost.php, (4) banlist.php, (5...

4.3

CVE-2009-3444

Exploit
  • EPSS 0.43%
  • Veröffentlicht 28.09.2009 22:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in email.php in e107 0.7.16 and earlier allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header in a news.1 (aka news to email) action.

5.1

CVE-2009-1409

  • EPSS 0.34%
  • Veröffentlicht 24.04.2009 14:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

SQL injection vulnerability in usersettings.php in e107 0.7.15 and earlier, when "Extended User Fields" is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the hide parameter, a different vector ...

4.3

CVE-2008-6208

  • EPSS 0.25%
  • Veröffentlicht 20.02.2009 01:30:05
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in submitnews.php in e107 CMS 0.7.11 allows remote attackers to inject arbitrary web script or HTML via the (1) author_name, (2) itemtitle, and (3) item parameters. NOTE: the provenance of this information is...

6.5

CVE-2008-5320

Exploit
  • EPSS 0.71%
  • Veröffentlicht 03.12.2008 19:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

SQL injection vulnerability in usersettings.php in e107 0.7.13 and earlier allows remote authenticated users to execute arbitrary SQL commands via the ue[] parameter.

7.5

CVE-2008-2020

  • EPSS 0.52%
  • Veröffentlicht 30.04.2008 01:07:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

The CAPTCHA implementation as used in (1) Francisco Burzi PHP-Nuke 7.0 and 8.1, (2) my123tkShop e-Commerce-Suite (aka 123tkShop) 0.9.1, (3) phpMyBitTorrent 1.2.2, (4) TorrentFlux 2.3, (5) e107 0.7.11, (6) WebZE 0.5.9, (7) Open Media Collectors Databa...

10

CVE-2008-1989

Exploit
  • EPSS 3.31%
  • Veröffentlicht 27.04.2008 21:05:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

PHP remote file inclusion vulnerability in 123flashchat.php in the 123 Flash Chat 6.8.0 module for e107, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the e107path parameter.