Lucene search
K

44 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:40 p.m.9 views

CVE-2026-43934

e107 is a content management system CMS. Prior to 2.3.4, a Broken Access Control vulnerability exists in the application, allowing an unauthorized authenticated user to edit comments posted by others. This stems from inadequate server-side access control validation, where the application depends...

6.5CVSS5.5AI score0.00181EPSS
Exploits0References1
NVD
NVD
added 2026/05/26 4:16 p.m.34 views

CVE-2026-43934

e107 is a content management system CMS. Prior to 2.3.4, a Broken Access Control vulnerability exists in the application, allowing an unauthorized authenticated user to edit comments posted by others. This stems from inadequate server-side access control validation, where the application depends...

6.5CVSS0.00181EPSS
Exploits0References2
NVD
NVD
added 2026/05/26 4:16 p.m.15 views

CVE-2026-43936

e107 is a content management system CMS. Prior to 2.3.4, you can access the local environment by specifying the URL of the local environment from "Image/File URL:" of "From a remote location" in "Media Manager" on the administrator screen. This vulnerability is fixed in 2.3.4...

4.3CVSS0.00193EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/26 3:4 p.m.10 views

CVE-2026-46620 e107: CSRF in comment.php moderation endpoints via token-optional validation in session_handler::check()

e107 is a content management system CMS. Prior to 2.3.5, e107 CMS does not properly enforce CSRF token validation on comment moderation actions. The problem comes down to how sessionhandler::check handles CSRF tokens. Instead of requiring a token on every state-changing request, it only validates...

6.5CVSS5.8AI score0.00133EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/26 3:4 p.m.10 views

EUVD-2026-31851

e107 is a content management system CMS. Prior to 2.3.5, e107 CMS does not properly enforce CSRF token validation on comment moderation actions. The problem comes down to how sessionhandler::check handles CSRF tokens. Instead of requiring a token on every state-changing request, it only validates...

6.5CVSS5.8AI score0.00133EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/26 2:54 p.m.7 views

CVE-2026-43934

e107 is a content management system CMS. Prior to 2.3.4, a Broken Access Control vulnerability exists in the application, allowing an unauthorized authenticated user to edit comments posted by others. This stems from inadequate server-side access control validation, where the application depends...

6.5CVSS5.8AI score0.00181EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/05/26 2:51 p.m.19 views

CVE-2026-43936

Summary: CVE-2026-43936 affects the e107 content management system (CMS). Before version 2.3.4, an SSRF flaw in the remote file fetcher can be triggered via the Image/File URL field in Media Manager’s From a remote location, allowing access to local environment resources. The issue is fixed in 2....

4.3CVSS5.8AI score0.00193EPSS
Exploits0References3
NVD
NVD
added 2026/05/10 1:16 p.m.9 views

CVE-2021-47937

e107 CMS 2.3.0 contains a remote code execution vulnerability that allows authenticated users with theme installation permissions to execute arbitrary commands by uploading malicious theme files. Attackers can upload a crafted theme package through the theme.php endpoint that deploys a web shell ...

8.8CVSS0.0059EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/10 12:43 p.m.11 views

CVE-2021-47937 e107 CMS 2.3.0 Authenticated Remote Code Execution via Theme Upload

e107 CMS 2.3.0 contains a remote code execution vulnerability that allows authenticated users with theme installation permissions to execute arbitrary commands by uploading malicious theme files. Attackers can upload a crafted theme package through the theme.php endpoint that deploys a web shell ...

8.8CVSS6.6AI score0.0059EPSS
Exploits0References4
Packet Storm News
Packet Storm News
added 2026/02/02 12:0 a.m.4 views

e107 2.0 Cross Site Scripting / SQL Injection

Multiple vulnerabilities including cross site scripting and SQL injection exist in e107 CMS version 2.0. These vulnerabilities allow remote attackers to execute malicious scripts and SQL commands. This issue is older research added to the archive...

5.5AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/14 11:19 p.m.5 views

CVE-2022-50907

e107 CMS version 3.2.1 contains a file upload vulnerability that allows authenticated administrative users to bypass upload restrictions and execute PHP files. Attackers can upload malicious PHP files to parent directories by manipulating the upload URL parameter, enabling remote code execution...

8.6CVSS8.3AI score0.01049EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/14 11:19 p.m.7 views

CVE-2022-50916

e107 CMS version 3.2.1 contains a file upload vulnerability that allows authenticated administrators to override server files through the Media Manager import functionality. Attackers can exploit the upload mechanism by manipulating the upload URL parameter to overwrite existing files like top.ph...

8.7CVSS6.8AI score0.00804EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/14 11:18 p.m.7 views

CVE-2022-50939

e107 CMS version 3.2.1 contains a critical file upload vulnerability that allows authenticated administrators to override arbitrary server files through path traversal. The vulnerability exists in the Media Manager's remote URL upload functionality image.php where the uploadcaption parameter is n...

8.6CVSS7.2AI score0.01087EPSS
Exploits1References1
OSV
OSV
added 2026/01/13 11:15 p.m.5 views

CVE-2022-50939

e107 CMS version 3.2.1 contains a critical file upload vulnerability that allows authenticated administrators to override arbitrary server files through path traversal. The vulnerability exists in the Media Manager's remote URL upload functionality image.php where the uploadcaption parameter is n...

8.6CVSS5.9AI score0.01087EPSS
Exploits1References4
NVD
NVD
added 2026/01/13 11:15 p.m.6 views

CVE-2022-50939

e107 CMS version 3.2.1 contains a critical file upload vulnerability that allows authenticated administrators to override arbitrary server files through path traversal. The vulnerability exists in the Media Manager's remote URL upload functionality image.php where the uploadcaption parameter is n...

8.6CVSS0.01087EPSS
Exploits1References4
OSV
OSV
added 2026/01/13 11:15 p.m.5 views

CVE-2022-50916

e107 CMS version 3.2.1 contains a file upload vulnerability that allows authenticated administrators to override server files through the Media Manager import functionality. Attackers can exploit the upload mechanism by manipulating the upload URL parameter to overwrite existing files like top.ph...

7.2CVSS5.8AI score0.00804EPSS
Exploits1References4
NVD
NVD
added 2026/01/13 11:15 p.m.6 views

CVE-2022-50906

e107 CMS 3.2.1 contains an upload restriction bypass vulnerability that allows authenticated administrators to upload malicious SVG files through the media manager. Attackers with admin privileges can exploit this vulnerability to upload SVG files with embedded cross-site scripting XSS payloads...

4.8CVSS0.00353EPSS
Exploits1References4
NVD
NVD
added 2026/01/13 11:15 p.m.6 views

CVE-2022-50907

e107 CMS version 3.2.1 contains a file upload vulnerability that allows authenticated administrative users to bypass upload restrictions and execute PHP files. Attackers can upload malicious PHP files to parent directories by manipulating the upload URL parameter, enabling remote code execution...

8.6CVSS0.01049EPSS
Exploits1References4
OSV
OSV
added 2026/01/13 11:15 p.m.6 views

CVE-2022-50907

e107 CMS version 3.2.1 contains a file upload vulnerability that allows authenticated administrative users to bypass upload restrictions and execute PHP files. Attackers can upload malicious PHP files to parent directories by manipulating the upload URL parameter, enabling remote code execution...

7.2CVSS6.4AI score0.01049EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/01/13 10:51 p.m.24 views

CVE-2022-50916 e107 CMS v3.2.1 - Upload restriction bypass (Authenticated [Admin])+ Server file override

e107 CMS version 3.2.1 contains a file upload vulnerability that allows authenticated administrators to override server files through the Media Manager import functionality. Attackers can exploit the upload mechanism by manipulating the upload URL parameter to overwrite existing files like top.ph...

8.7CVSS0.00804EPSS
Exploits1References4
Rows per page
Query Builder