Vulnerabilities for 'E107'

2019-07-10
 
CVE-2018-11734

CWE-79
 

 
In e107 v2.1.7, output without filtering results in XSS.

 
2019-06-19
 
CVE-2018-17423

CWE-79
 

 
An issue was discovered in e107 v2.1.9. There is an XSS attack on e107_admin/comment.php.

 
2019-05-24
 
CVE-2016-10753

CWE-502
 

 
e107 2.1.2 allows PHP Object Injection with resultant SQL injection, because usersettings.php uses unserialize without an HMAC.

 
2018-09-26
 
CVE-2018-17081

CWE-352
 

 
e107 2.1.9 allows CSRF via e107_admin/wmessage.php?mode=&action=inline&ajax_used=1&id= for changing the title of an arbitrary page.

 
2018-09-12
 
CVE-2018-16389

CWE-89
 

 
e107_admin/banlist.php in e107 2.1.8 allows SQL injection via the old_ip parameter.

 
 
CVE-2018-16388

CWE-434
 

 
e107_web/js/plupload/upload.php in e107 2.1.8 allows remote attackers to execute arbitrary PHP code by uploading a .php filename with the image/jpeg content type.

 
2018-09-05
 
CVE-2018-16381

CWE-79
 

 
e107 2.1.8 has XSS via the e107_admin/users.php?mode=main&action=list user_loginname parameter.

 
2018-08-28
 
CVE-2018-15901

CWE-352
 

 
e107 2.1.8 has CSRF in 'usersettings.php' with an impact of changing details such as passwords of users including administrators.

 
2018-05-15
 
CVE-2018-11127

CWE-352
 

 
e107 2.1.7 has CSRF resulting in arbitrary user deletion.

 
2017-05-29
 
CVE-2016-10378

 

 
e107 2.1.1 allows SQL injection by remote authenticated administrators via the pagelist parameter to e107_admin/menus.php, related to the menuSaveVisibility function.

 


Copyright 2022, cxsecurity.com

 
