CVE-2009-1409
- EPSS 0.95%
- Veröffentlicht 24.04.2009 14:30:00
- Zuletzt bearbeitet 16.06.2026 23:07:12
SQL injection vulnerability in usersettings.php in e107 0.7.15 and earlier, when "Extended User Fields" is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the hide parameter, a different vector ...
CVE-2008-6208
- EPSS 1.02%
- Veröffentlicht 20.02.2009 01:30:05
- Zuletzt bearbeitet 16.06.2026 23:01:48
Cross-site scripting (XSS) vulnerability in submitnews.php in e107 CMS 0.7.11 allows remote attackers to inject arbitrary web script or HTML via the (1) author_name, (2) itemtitle, and (3) item parameters. NOTE: the provenance of this information is...
CVE-2008-5320
- EPSS 1.94%
- Veröffentlicht 03.12.2008 19:30:00
- Zuletzt bearbeitet 16.06.2026 22:59:42
SQL injection vulnerability in usersettings.php in e107 0.7.13 and earlier allows remote authenticated users to execute arbitrary SQL commands via the ue[] parameter.
CVE-2008-2020
- EPSS 1.67%
- Veröffentlicht 30.04.2008 01:07:00
- Zuletzt bearbeitet 16.06.2026 22:52:57
The CAPTCHA implementation as used in (1) Francisco Burzi PHP-Nuke 7.0 and 8.1, (2) my123tkShop e-Commerce-Suite (aka 123tkShop) 0.9.1, (3) phpMyBitTorrent 1.2.2, (4) TorrentFlux 2.3, (5) e107 0.7.11, (6) WebZE 0.5.9, (7) Open Media Collectors Databa...
- EPSS 3.57%
- Veröffentlicht 27.04.2008 21:05:00
- Zuletzt bearbeitet 16.06.2026 22:52:53
PHP remote file inclusion vulnerability in 123flashchat.php in the 123 Flash Chat 6.8.0 module for e107, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the e107path parameter.
CVE-2007-3429
- EPSS 2.07%
- Veröffentlicht 27.06.2007 00:30:00
- Zuletzt bearbeitet 16.06.2026 22:42:01
Unrestricted file upload vulnerability in signup.php in e107 0.7.8 and earlier, when photograph upload is enabled, allows remote attackers to upload and execute arbitrary PHP code via a filename with a double extension such as .php.jpg.
CVE-2006-5786
- EPSS 2.42%
- Veröffentlicht 07.11.2006 23:07:00
- Zuletzt bearbeitet 16.06.2026 22:31:52
Directory traversal vulnerability in class2.php in e107 0.7.5 and earlier allows remote attackers to read and execute PHP code in arbitrary files via ".." sequences in the e107language_e107cookie cookie to gsitemap.php.
CVE-2006-4794
- EPSS 4.59%
- Veröffentlicht 14.09.2006 21:07:00
- Zuletzt bearbeitet 16.06.2026 22:29:48
Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the query string (PATH_INFO) in (1) contact.php, (2) download.php, (3) admin.php, (4) fpw.php, (5) news.php, (6) searc...
CVE-2006-4757
- EPSS 0.88%
- Veröffentlicht 13.09.2006 23:07:00
- Zuletzt bearbeitet 16.06.2026 22:29:44
Multiple SQL injection vulnerabilities in the admin section in e107 0.7.5 allow remote authenticated administrative users to execute arbitrary SQL commands via the (1) linkopentype, (2) linkrender, (3) link_class, and (4) link_id parameters in (a) li...
CVE-2006-4548
- EPSS 1.64%
- Veröffentlicht 06.09.2006 00:04:00
- Zuletzt bearbeitet 16.06.2026 22:29:19
e107 0.75 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code via the tinyMCE_imglib_...