CVE-2026-48997 e107: Command Injection via shell expansion in ImageMagick resize destination path

e107 is a content management system CMS. Versions 2.3.5 and earlier contain a command injection vulnerability in the ImageMagick resize destination path. In resizeimage, the source path is escaped with escapeshellarg, but the destination path is inserted inside raw double quotes in the convert...

CVE-2004-2438

PHP-Fusion 4.01 is affected by a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML via the Submit News, Submit Link, or Submit Article fields. The CVE-2004-2438 entry documents this XSS issue across multiple input points but provides limi...

CVE-2004-2438

Cross-site scripting XSS vulnerability in PHP-Fusion 4.01 allows remote attackers to inject arbitrary web script or HTML via the 1 Submit News, 2 Submit Link or 3 Submit Article field...

CVE-2004-2040

Multiple cross-site scripting XSS vulnerabilities in e107 0.615 allow remote attackers to inject arbitrary web script or HTML via the 1 LAN407 parameter to clockmenu.php, 2 "email article to a friend" field, 3 "submit news" field, or 4 avmsg parameter to usersettings.php...