Vulnerabilities for 'E107'
2019-07-10
CVE-2018-11734
CWE-79
In e107 v2.1.7, output without filtering results in XSS.
2019-06-19
CVE-2018-17423
CWE-79
An issue was discovered in e107 v2.1.9. There is an XSS attack on e107_admin/comment.php.
2019-05-24
CVE-2016-10753
CWE-502
e107 2.1.2 allows PHP Object Injection with resultant SQL injection, because usersettings.php uses unserialize without an HMAC.
2018-09-26
CVE-2018-17081
CWE-352
e107 2.1.9 allows CSRF via e107_admin/wmessage.php?mode=&action=inline&ajax_used=1&id= for changing the title of an arbitrary page.
2018-09-12
CVE-2018-16389
CWE-89
e107_admin/banlist.php in e107 2.1.8 allows SQL injection via the old_ip parameter.
CVE-2018-16388
CWE-434
e107_web/js/plupload/upload.php in e107 2.1.8 allows remote attackers to execute arbitrary PHP code by uploading a .php filename with the image/jpeg content type.
2018-09-05
CVE-2018-16381
CWE-79
e107 2.1.8 has XSS via the e107_admin/users.php?mode=main&action=list user_loginname parameter.
2018-08-28
CVE-2018-15901
CWE-352
e107 2.1.8 has CSRF in 'usersettings.php' with an impact of changing details such as passwords of users including administrators.
2018-05-15
CVE-2018-11127
CWE-352
e107 2.1.7 has CSRF resulting in arbitrary user deletion.
2017-05-29
CVE-2016-10378
e107 2.1.1 allows SQL injection by remote authenticated administrators via the pagelist parameter to e107_admin/menus.php, related to the menuSaveVisibility function.
Copyright 2024, cxsecurity.com