Vulnerabilities for 'E107'
2019-07-10
CVE-2018-11734
CWE-79
In e107 v2.1.7, output without filtering results in XSS.
2019-06-19
CVE-2018-17423
CWE-79
An issue was discovered in e107 v2.1.9. There is an XSS attack on e107_admin/comment.php.
2019-05-24
CVE-2016-10753
CWE-502
e107 2.1.2 allows PHP Object Injection with resultant SQL injection, because usersettings.php uses unserialize without an HMAC.
2018-09-26
CVE-2018-17081
CWE-352
e107 2.1.9 allows CSRF via e107_admin/wmessage.php?mode=&action=inline&ajax_used=1&id= for changing the title of an arbitrary page.
2018-09-12
CVE-2018-16389
CWE-89
e107_admin/banlist.php in e107 2.1.8 allows SQL injection via the old_ip parameter.
CVE-2018-16388
CWE-434
e107_web/js/plupload/upload.php in e107 2.1.8 allows remote attackers to execute arbitrary PHP code by uploading a .php filename with the image/jpeg content type.
2018-09-05
CVE-2018-16381
CWE-79
e107 2.1.8 has XSS via the e107_admin/users.php?mode=main&action=list user_loginname parameter.
2018-08-28
CVE-2018-15901
CWE-352
e107 2.1.8 has CSRF in 'usersettings.php' with an impact of changing details such as passwords of users including administrators.
2018-05-15
CVE-2018-11127
CWE-352
e107 2.1.7 has CSRF resulting in arbitrary user deletion.
2017-05-29
CVE-2016-10378
e107 2.1.1 allows SQL injection by remote authenticated administrators via the pagelist parameter to e107_admin/menus.php, related to the menuSaveVisibility function.
Copyright 2024, cxsecurity.com