Total
82 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-2261 | 1 E107 | 1 E107 | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in e107 allows remote attackers to inject arbitrary script or HTML via the "login name/author" field in the (1) news submit or (2) article submit functions. | |||||
| CVE-2004-2042 | 1 E107 | 1 E107 | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in e107 0.615 allow remote attackers to inject arbitrary SQL code and gain sensitive information via (1) content parameter to content.php, (2) content_id parameter to content.php, or (3) list parameter to news.php. | |||||
| CVE-2006-2591 | 1 E107 | 1 E107 | 2025-04-03 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in e107 before 0.7.5 has unknown impact and remote attack vectors related to an "emailing exploit". | |||||
| CVE-2006-0857 | 1 E107 | 2 Chatbox Plugin, E107 | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Chatbox Plugin 1.0 in e107 0.7.2 allows remote attackers to inject arbitrary HTML or web script via a Chatbox, as demonstrated using a SCRIPT element. | |||||
| CVE-2004-2040 | 1 E107 | 1 E107 | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in e107 0.615 allow remote attackers to inject arbitrary web script or HTML via the (1) LAN_407 parameter to clock_menu.php, (2) "email article to a friend" field, (3) "submit news" field, or (4) avmsg parameter to usersettings.php. | |||||
| CVE-2005-4052 | 1 E107 | 1 E107 | 2025-04-03 | 5.0 MEDIUM | N/A |
| e107 0.6174 allows remote attackers to redirect users to other web sites via the download parameter in rate.php, which is used after a user submits a file download rating. NOTE: in the default installation, the e_BASE variable restricts the redirection to the same web site. | |||||
| CVE-2006-2416 | 1 E107 | 1 E107 | 2025-04-03 | 5.1 MEDIUM | N/A |
| SQL injection vulnerability in class2.php in e107 0.7.2 and earlier allows remote attackers to execute arbitrary SQL commands via a cookie as defined in $pref['cookie_name']. | |||||
| CVE-2005-3521 | 1 E107 | 1 E107 | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in resetcore.php in e107 0.617 through 0.6173 allows remote attackers to execute arbitrary SQL commands, bypass authentication, and inject HTML or script via the (1) a_name parameter or (2) user field of the login page. | |||||
| CVE-2006-4757 | 1 E107 | 1 E107 | 2025-04-03 | 4.6 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in the admin section in e107 0.7.5 allow remote authenticated administrative users to execute arbitrary SQL commands via the (1) linkopentype, (2) linkrender, (3) link_class, and (4) link_id parameters in (a) links.php; the (5) searchquery parameter in (b) users.php; and the (6) download_category_class parameter in (c) download.php. NOTE: an e107 developer has disputed the significance of the vulnerability, stating that "If your admins are injecting you, you might want to reconsider their access." | |||||
| CVE-2004-2028 | 1 E107 | 1 E107 | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in stats.php in e107 allows remote attackers to inject arbitrary web script or HTML via the referer parameter to log.php. | |||||
| CVE-2006-4794 | 1 E107 | 1 E107 | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the query string (PATH_INFO) in (1) contact.php, (2) download.php, (3) admin.php, (4) fpw.php, (5) news.php, (6) search.php, (7) signup.php, (8) submitnews.php, and (9) user.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2023-36121 | 1 E107 | 1 E107 | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross Site Scripting vulnerability in e107 v.2.3.2 allows a remote attacker to execute arbitrary code via the description function in the SEO project. | |||||
| CVE-2021-27885 | 1 E107 | 1 E107 | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protection mechanism. | |||||
| CVE-2018-17423 | 1 E107 | 1 E107 | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in e107 v2.1.9. There is a XSS attack on e107_admin/comment.php. | |||||
| CVE-2018-17081 | 1 E107 | 1 E107 | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| e107 2.1.9 allows CSRF via e107_admin/wmessage.php?mode=&action=inline&ajax_used=1&id= for changing the title of an arbitrary page. | |||||
| CVE-2018-16389 | 1 E107 | 1 E107 | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
| e107_admin/banlist.php in e107 2.1.8 allows SQL injection via the old_ip parameter. | |||||
| CVE-2018-16388 | 1 E107 | 1 E107 | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| e107_web/js/plupload/upload.php in e107 2.1.8 allows remote attackers to execute arbitrary PHP code by uploading a .php filename with the image/jpeg content type. | |||||
| CVE-2018-16381 | 1 E107 | 1 E107 | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| e107 2.1.8 has XSS via the e107_admin/users.php?mode=main&action=list user_loginname parameter. | |||||
| CVE-2018-15901 | 1 E107 | 1 E107 | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| e107 2.1.8 has CSRF in 'usersettings.php' with an impact of changing details such as passwords of users including administrators. | |||||
| CVE-2018-11734 | 1 E107 | 1 E107 | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In e107 v2.1.7, output without filtering results in XSS. | |||||