Vulnerabilities > E107 > E107 > 0.7.17
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-05-27 | CVE-2010-2098 | SQL-Injection vulnerability in E107 Incomplete blacklist vulnerability in usersettings.php in e107 0.7.20 and earlier allows remote attackers to conduct SQL injection attacks via the loginname parameter. | 7.5 |
| 2010-04-20 | CVE-2010-0997 | Cross-Site Scripting vulnerability in E107 Cross-site scripting (XSS) vulnerability in 107_plugins/content/content_manager.php in the Content Management plugin in e107 before 0.7.20, when the personal content manager is enabled, allows user-assisted remote authenticated users to inject arbitrary web script or HTML via the content_heading parameter. | 3.5 |
| 2010-04-20 | CVE-2010-0996 | Unspecified vulnerability in E107 Unrestricted file upload vulnerability in e107 before 0.7.20 allows remote authenticated users to execute arbitrary code by uploading a .php.filetypesphp file. network e107 | 6.0 |