E107

E107

82 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.95%
  • Veröffentlicht 24.04.2009 14:30:00
  • Zuletzt bearbeitet 16.06.2026 23:07:12

SQL injection vulnerability in usersettings.php in e107 0.7.15 and earlier, when "Extended User Fields" is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the hide parameter, a different vector ...

  • EPSS 1.02%
  • Veröffentlicht 20.02.2009 01:30:05
  • Zuletzt bearbeitet 16.06.2026 23:01:48

Cross-site scripting (XSS) vulnerability in submitnews.php in e107 CMS 0.7.11 allows remote attackers to inject arbitrary web script or HTML via the (1) author_name, (2) itemtitle, and (3) item parameters. NOTE: the provenance of this information is...

Exploit
  • EPSS 1.94%
  • Veröffentlicht 03.12.2008 19:30:00
  • Zuletzt bearbeitet 16.06.2026 22:59:42

SQL injection vulnerability in usersettings.php in e107 0.7.13 and earlier allows remote authenticated users to execute arbitrary SQL commands via the ue[] parameter.

  • EPSS 1.67%
  • Veröffentlicht 30.04.2008 01:07:00
  • Zuletzt bearbeitet 16.06.2026 22:52:57

The CAPTCHA implementation as used in (1) Francisco Burzi PHP-Nuke 7.0 and 8.1, (2) my123tkShop e-Commerce-Suite (aka 123tkShop) 0.9.1, (3) phpMyBitTorrent 1.2.2, (4) TorrentFlux 2.3, (5) e107 0.7.11, (6) WebZE 0.5.9, (7) Open Media Collectors Databa...

Exploit
  • EPSS 3.57%
  • Veröffentlicht 27.04.2008 21:05:00
  • Zuletzt bearbeitet 16.06.2026 22:52:53

PHP remote file inclusion vulnerability in 123flashchat.php in the 123 Flash Chat 6.8.0 module for e107, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the e107path parameter.

  • EPSS 2.07%
  • Veröffentlicht 27.06.2007 00:30:00
  • Zuletzt bearbeitet 16.06.2026 22:42:01

Unrestricted file upload vulnerability in signup.php in e107 0.7.8 and earlier, when photograph upload is enabled, allows remote attackers to upload and execute arbitrary PHP code via a filename with a double extension such as .php.jpg.

Exploit
  • EPSS 2.42%
  • Veröffentlicht 07.11.2006 23:07:00
  • Zuletzt bearbeitet 16.06.2026 22:31:52

Directory traversal vulnerability in class2.php in e107 0.7.5 and earlier allows remote attackers to read and execute PHP code in arbitrary files via ".." sequences in the e107language_e107cookie cookie to gsitemap.php.

Exploit
  • EPSS 4.59%
  • Veröffentlicht 14.09.2006 21:07:00
  • Zuletzt bearbeitet 16.06.2026 22:29:48

Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the query string (PATH_INFO) in (1) contact.php, (2) download.php, (3) admin.php, (4) fpw.php, (5) news.php, (6) searc...

  • EPSS 0.88%
  • Veröffentlicht 13.09.2006 23:07:00
  • Zuletzt bearbeitet 16.06.2026 22:29:44

Multiple SQL injection vulnerabilities in the admin section in e107 0.7.5 allow remote authenticated administrative users to execute arbitrary SQL commands via the (1) linkopentype, (2) linkrender, (3) link_class, and (4) link_id parameters in (a) li...

Exploit
  • EPSS 1.64%
  • Veröffentlicht 06.09.2006 00:04:00
  • Zuletzt bearbeitet 16.06.2026 22:29:19

e107 0.75 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code via the tinyMCE_imglib_...