Vulnerabilities > E107

DATE CVE VULNERABILITY TITLE RISK
2021-03-02 CVE-2021-27885 Inadequate Encryption Strength vulnerability in E107
usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protection mechanism.
network
e107 CWE-326
6.8
2019-07-10 CVE-2018-11734 Cross-Site Scripting vulnerability in E107 2.1.7
In e107 v2.1.7, output without filtering results in XSS.
network
e107 CWE-79
4.3
2019-06-19 CVE-2018-17423 Cross-Site Scripting vulnerability in E107 2.1.9
An issue was discovered in e107 v2.1.9.
network
e107 CWE-79
3.5
2019-05-24 CVE-2016-10753 Deserialization of Untrusted Data vulnerability in E107 2.1.2
e107 2.1.2 allows PHP Object Injection with resultant SQL injection, because usersettings.php uses unserialize without an HMAC.
network
low complexity
e107 CWE-502
6.5
2018-09-26 CVE-2018-17081 Cross-Site Request Forgery (CSRF) vulnerability in E107 2.1.9
e107 2.1.9 allows CSRF via e107_admin/wmessage.php?mode=&action=inline&ajax_used=1&id= for changing the title of an arbitrary page.
network
e107 CWE-352
4.3
2018-09-12 CVE-2018-16389 SQL Injection vulnerability in E107 2.1.8
e107_admin/banlist.php in e107 2.1.8 allows SQL injection via the old_ip parameter.
network
low complexity
e107 CWE-89
5.5
2018-09-12 CVE-2018-16388 Unrestricted Upload of File With Dangerous Type vulnerability in E107 2.1.8
e107_web/js/plupload/upload.php in e107 2.1.8 allows remote attackers to execute arbitrary PHP code by uploading a .php filename with the image/jpeg content type.
network
low complexity
e107 CWE-434
6.5
2018-09-05 CVE-2018-16381 Cross-Site Scripting vulnerability in E107 2.1.8
e107 2.1.8 has XSS via the e107_admin/users.php?mode=main&action=list user_loginname parameter.
network
e107 CWE-79
4.3
2018-08-28 CVE-2018-15901 Cross-Site Request Forgery (CSRF) vulnerability in E107 2.1.8
e107 2.1.8 has CSRF in 'usersettings.php' with an impact of changing details such as passwords of users including administrators.
network
e107 CWE-352
6.8
2018-05-15 CVE-2018-11127 Cross-Site Request Forgery (CSRF) vulnerability in E107 2.1.7
e107 2.1.7 has CSRF resulting in arbitrary user deletion.
network
e107 CWE-352
4.3