Vulnerabilities > E107 > E107 > 0.7.24
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-02 | CVE-2021-27885 | Cross-Site Request Forgery (CSRF) vulnerability in E107 usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protection mechanism. | 8.8 |
| 2014-01-22 | CVE-2013-7305 | Credentials Management vulnerability in E107 fpw.php in e107 through 1.0.4 does not check the user_ban field, which makes it easier for remote attackers to reset passwords by sending a pwsubmit request and leveraging access to the e-mail account of a banned user. | 4.3 |
| 2014-01-22 | CVE-2013-2750 | Cross-Site Scripting vulnerability in E107 Cross-site scripting (XSS) vulnerability in e107_plugins/content/handlers/content_preset.php in e107 before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the query string. | 4.3 |
| 2012-08-31 | CVE-2011-4947 | Cross-Site Request Forgery (CSRF) vulnerability in E107 Cross-site request forgery (CSRF) vulnerability in e107_admin/users_extended.php in e107 before 0.7.26 allows remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences via the user_include parameter. | 6.8 |
| 2012-08-31 | CVE-2011-4946 | SQL Injection vulnerability in E107 SQL injection vulnerability in e107_admin/users_extended.php in e107 before 0.7.26 allows remote attackers to execute arbitrary SQL commands via the user_field parameter. | 6.8 |
| 2011-11-04 | CVE-2011-1513 | OS Command Injection vulnerability in E107 Static code injection vulnerability in install_.php in e107 CMS 0.7.24 and probably earlier versions, when the installation script is not removed, allows remote attackers to inject arbitrary PHP code into e107_config.php via a crafted MySQL server name. | 7.5 |
| 2011-09-23 | CVE-2011-3731 | Information Exposure vulnerability in E107 0.7.24 e107 0.7.24 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by e107_plugins/pdf/e107pdf.php and certain other files. | 5.0 |