e107 代码问题漏洞

e107 is an open source, free and PHP and MySQL based Content Management System CMS from the E107 team. The system supports a variety of plug-ins and appearance of the theme , can be used as a personal blog , discussion community , archive repository and so on. A code issue vulnerability exists in...

CVE-2016-10753

e107 2.1.2 allows PHP Object Injection with resultant SQL injection, because usersettings.php uses unserialize without an HMAC...

EUVD-2009-4055

Malware in sbrugna...

EUVD-2006-4781

Malware in sbrugna...

EUVD-2018-8227

Malware in sbrugna...

EUVD-2011-4832

Malware in sbrugna...

EUVD-2018-7757

Malware in sbrugna...

EUVD-2018-3753

Malware in sbrugna...

EUVD-2018-3169

Malware in sbrugna...

EUVD-2016-1560

Malware in sbrugna...

EUVD-2015-1200

Malware in sbrugna...

EUVD-2004-2034

Malware in sbrugna...

CVE-2023-36121

Cross Site Scripting vulnerability in e107 v.2.3.2 allows a remote attacker to execute arbitrary code via the description function in the SEO project...

CVE-2018-11734

In e107 v2.1.7, output without filtering results in XSS...

CVE-2018-11127

e107 2.1.7 has CSRF resulting in arbitrary user deletion...

CVE-2011-3731

e107 0.7.24 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by e107plugins/pdf/e107pdf.php and certain other files...

CVE-2018-11734

In e107 v2.1.7, output without filtering results in XSS...

Cross site request forgery (csrf)

e107 2.1.9 allows CSRF via e107admin/wmessage.php?mode=&action=inline&ajaxused=1&id= for changing the title of an arbitrary page...

CVE-2018-11127

e107 2.1.7 has CSRF resulting in arbitrary user deletion...

Sql injection

e107 2.1.1 allows SQL injection by remote authenticated administrators via the pagelist parameter to e107admin/menus.php, related to the menuSaveVisibility function...