Vulnerabilities > E107

DATE CVE VULNERABILITY TITLE RISK
2019-07-10 CVE-2018-11734 Cross-Site Scripting vulnerability in E107 2.1.7
In e107 v2.1.7, output without filtering results in XSS.
network
e107 CWE-79
4.3
4.3
2019-06-19 CVE-2018-17423 Cross-Site Scripting vulnerability in E107 2.1.9
An issue was discovered in e107 v2.1.9.
network
e107 CWE-79
3.5
3.5
2019-05-24 CVE-2016-10753 Deserialization of Untrusted Data vulnerability in E107 2.1.2
e107 2.1.2 allows PHP Object Injection with resultant SQL injection, because usersettings.php uses unserialize without an HMAC.
network
low complexity
e107 CWE-502
6.5
6.5
2018-09-26 CVE-2018-17081 Cross-Site Request Forgery (CSRF) vulnerability in E107 2.1.9
e107 2.1.9 allows CSRF via e107_admin/wmessage.php?mode=&action=inline&ajax_used=1&id= for changing the title of an arbitrary page.
network
e107 CWE-352
4.3
4.3
2018-09-12 CVE-2018-16389 SQL Injection vulnerability in E107 2.1.8
e107_admin/banlist.php in e107 2.1.8 allows SQL injection via the old_ip parameter.
network
low complexity
e107 CWE-89
5.5
5.5
2018-09-12 CVE-2018-16388 Unrestricted Upload of File With Dangerous Type vulnerability in E107 2.1.8
e107_web/js/plupload/upload.php in e107 2.1.8 allows remote attackers to execute arbitrary PHP code by uploading a .php filename with the image/jpeg content type.
network
low complexity
e107 CWE-434
6.5
6.5
2018-09-05 CVE-2018-16381 Cross-Site Scripting vulnerability in E107 2.1.8
e107 2.1.8 has XSS via the e107_admin/users.php?mode=main&action=list user_loginname parameter.
network
e107 CWE-79
4.3
4.3
2018-08-28 CVE-2018-15901 Cross-Site Request Forgery (CSRF) vulnerability in E107 2.1.8
e107 2.1.8 has CSRF in 'usersettings.php' with an impact of changing details such as passwords of users including administrators.
network
e107 CWE-352
6.8
6.8
2018-05-15 CVE-2018-11127 Cross-Site Request Forgery (CSRF) vulnerability in E107 2.1.7
e107 2.1.7 has CSRF resulting in arbitrary user deletion.
network
e107 CWE-352
4.3
4.3
2017-05-29 CVE-2016-10378 SQL Injection vulnerability in E107 2.1.1
e107 2.1.1 allows SQL injection by remote authenticated administrators via the pagelist parameter to e107_admin/menus.php, related to the menuSaveVisibility function.
network
low complexity
e107 CWE-89
6.5
6.5