Vulnerabilities > E107 > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-03-02 | CVE-2021-27885 | Cross-Site Request Forgery (CSRF) vulnerability in E107: usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protection mechanism. | 8.8 |
2011-11-04 | CVE-2011-1513 | OS Command Injection vulnerability in E107: Static code injection vulnerability in install_.php in e107 CMS 0.7.24 and probably earlier versions, when the installation script is not removed, allows remote attackers to inject arbitrary PHP code into e107_config.php via a crafted MySQL server name. | 7.5 |
2010-05-27 | CVE-2010-2099 | Permissions, Privileges, and Access Controls vulnerability in E107: bbcode/php.bb in e107 0.7.20 and earlier does not perform access control checks for all inputs that could contain the php bbcode tag, which allows remote attackers to execute arbitrary PHP code, as demonstrated using the toEmail method in contact.php, related to invocations of the toHTML method. | 7.5 |
2010-05-27 | CVE-2010-2098 | SQL Injection vulnerability in E107: Incomplete blacklist vulnerability in usersettings.php in e107 0.7.20 and earlier allows remote attackers to conduct SQL injection attacks via the loginname parameter. | 7.5 |
2009-11-29 | CVE-2009-4084 | SQL Injection vulnerability in E107: SQL injection vulnerability in the search feature in e107 0.7.16 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2009-03-13 | CVE-2008-6466 | SQL Injection vulnerability in Akirapowered Image Gallery 0.9.6.2: SQL injection vulnerability in image_gallery.php in the Akira Powered Image Gallery (image_gallery) plugin 0.9.6.2 for e107 allows remote attackers to execute arbitrary SQL commands via the image parameter in an image-detail action. | 7.5 |
2009-03-06 | CVE-2008-6438 | SQL Injection vulnerability in E107Coders Macguru Blog Engine Plugin 2.2: SQL injection vulnerability in macgurublog_menu/macgurublog.php in the MacGuru BLOG Engine plugin 2.2 for e107 allows remote attackers to execute arbitrary SQL commands via the uid parameter, a different vector than CVE-2008-2455. | 7.5 |
2009-02-11 | CVE-2008-6114 | SQL Injection vulnerability in Mytipper Zogo Shop 1.15.4: SQL injection vulnerability in product_details.php in the Mytipper Zogo-shop 1.15.4 plugin for e107 allows remote attackers to execute arbitrary SQL commands via the product parameter. | 7.5 |
2008-11-04 | CVE-2008-4906 | SQL Injection vulnerability in W1N78 Lyrics 0.4.2: SQL injection vulnerability in lyrics_song.php in the Lyrics (lyrics_menu) plugin 0.42 for e107 allows remote attackers to execute arbitrary SQL commands via the l_id parameter. | 7.5 |
2008-10-29 | CVE-2008-4786 | SQL Injection vulnerability in E107 Easyshop Plugin: SQL injection vulnerability in easyshop.php in the EasyShop plugin for e107 allows remote attackers to execute arbitrary SQL commands via the category_id parameter. | 7.5 |