VYPR

E107

by E107

CVEs (89)

  • CVE-2003-1191 | Oct 29, 2003
    risk 0.04 | cvss - | epss 0.08

    chatbox.php in e107 0.554 and 0.603 allows remote attackers to cause a denial of service (pages fail to load) via HTML in the Name field, which prevents the main.php form from being loaded.

  • CVE-2021-27885 | High | Mar 2, 2021
    risk 0.03 | cvss 8.8 | epss 0.03

    usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protection mechanism.

  • CVE-2015-1057 | Jan 16, 2015
    risk 0.03 | cvss - | epss 0.03

    Cross-site scripting (XSS) vulnerability in usersettings.php in e107 2.0.0 allows remote attackers to inject arbitrary web script or HTML via the "Real Name" value.

  • CVE-2013-2750 | Jan 22, 2014
    risk 0.03 | cvss - | epss 0.03

    Cross-site scripting (XSS) vulnerability in e107_plugins/content/handlers/content_preset.php in e107 before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the query string.

  • CVE-2012-6434 | Jan 3, 2013
    risk 0.03 | cvss - | epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in e107_admin/download.php in e107 1.0.2 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the (1) download_url, (2) download_url_extended, (3)…

  • CVE-2012-6433 | Jan 3, 2013
    risk 0.03 | cvss - | epss 0.02

    Cross-site request forgery (CSRF) vulnerability in e107_admin/newspost.php in e107 1.0.1 allows remote attackers to hijack the authentication of administrators for requests that conduct XSS attacks via the news_title parameter in a create action.

  • CVE-2011-5186 | Sep 20, 2012
    risk 0.03 | cvss - | epss 0.01

    Cross-site scripting (XSS) vulnerability in jbshop.php in the jbShop plugin for e107 7 allows remote attackers to inject arbitrary web script or HTML via the item_id parameter.

  • CVE-2011-1513 | Nov 4, 2011
    risk 0.03 | cvss - | epss 0.06

    Static code injection vulnerability in install_.php in e107 CMS 0.7.24 and probably earlier versions, when the installation script is not removed, allows remote attackers to inject arbitrary PHP code into e107_config.php via a crafted MySQL server name.

  • CVE-2010-2099 | May 27, 2010
    risk 0.03 | cvss - | epss 0.05

    bbcode/php.bb in e107 0.7.20 and earlier does not perform access control checks for all inputs that could contain the php bbcode tag, which allows remote attackers to execute arbitrary PHP code, as demonstrated using the toEmail method in contact.php, related to invocations of…

  • CVE-2009-3444 | Sep 28, 2009
    risk 0.03 | cvss - | epss 0.02

    Cross-site scripting (XSS) vulnerability in email.php in e107 0.7.16 and earlier allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header in a news.1 (aka news to email) action.

  • CVE-2009-1409 | Apr 24, 2009
    risk 0.03 | cvss - | epss 0.01

    SQL injection vulnerability in usersettings.php in e107 0.7.15 and earlier, when "Extended User Fields" is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the hide parameter, a different vector than CVE-2005-4224 and…

  • CVE-2008-5320 | Dec 3, 2008
    risk 0.03 | cvss - | epss 0.02

    SQL injection vulnerability in usersettings.php in e107 0.7.13 and earlier allows remote authenticated users to execute arbitrary SQL commands via the ue[] parameter.

  • CVE-2008-4906 | Nov 4, 2008
    risk 0.03 | cvss - | epss 0.01

    SQL injection vulnerability in lyrics_song.php in the Lyrics (lyrics_menu) plugin 0.42 for e107 allows remote attackers to execute arbitrary SQL commands via the l_id parameter. NOTE: some of these details are obtained from third party information.

  • CVE-2008-4785 | Oct 29, 2008
    risk 0.03 | cvss - | epss 0.01

    SQL injection vulnerability in newuser.php in the alternate_profiles plugin, possibly 0.2, for e107 allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2008-1702 | Apr 8, 2008
    risk 0.03 | cvss - | epss 0.06

    Absolute path traversal vulnerability in dload.php in the my_gallery 2.3 plugin for e107 allows remote attackers to obtain sensitive information via a full pathname in the file parameter. NOTE: some of these details are obtained from third party information.

  • CVE-2007-3429 | Jun 27, 2007
    risk 0.03 | cvss - | epss 0.02

    Unrestricted file upload vulnerability in signup.php in e107 0.7.8 and earlier, when photograph upload is enabled, allows remote attackers to upload and execute arbitrary PHP code via a filename with a double extension such as .php.jpg.

  • CVE-2006-5786 | Nov 7, 2006
    risk 0.03 | cvss - | epss 0.02

    Directory traversal vulnerability in class2.php in e107 0.7.5 and earlier allows remote attackers to read and execute PHP code in arbitrary files via ".." sequences in the e107language_e107cookie cookie to gsitemap.php.

  • CVE-2006-4794 | Sep 14, 2006
    risk 0.03 | cvss - | epss 0.05

    Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the query string (PATH_INFO) in (1) contact.php, (2) download.php, (3) admin.php, (4) fpw.php, (5) news.php, (6) search.php, (7) signup.php, (8)…

  • CVE-2006-3259 | Jun 27, 2006
    risk 0.03 | cvss - | epss 0.04

    Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the (1) ep parameter to search.php and the (2) subject parameter in comment.php (aka the Subject field when posting a comment).

  • CVE-2006-0857 | Feb 23, 2006
    risk 0.03 | cvss - | epss 0.03

    Cross-site scripting (XSS) vulnerability in Chatbox Plugin 1.0 in e107 0.7.2 allows remote attackers to inject arbitrary HTML or web script via a Chatbox, as demonstrated using a SCRIPT element.

Page 2 of 5