CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

40 matches found

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2018-7757

Malware in sbrugna...

8.8CVSS8.8AI score0.00134EPSS

Exploits1References2

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2007-2544

Malware in sbrugna...

4.3CVSS6.4AI score0.00527EPSS

Exploits0References7

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2010-2115

Malware in sbrugna...

7.5CVSS6.4AI score0.00517EPSS

Exploits0References4

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2015-1200

Malware in sbrugna...

4.3CVSS6.4AI score0.04122EPSS

Exploits1References4

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2008-5297

Malware in sbrugna...

6.5CVSS6.3AI score0.00706EPSS

Exploits1References7

NVD•added 2021/03/02 7:15 p.m.•14 views

CVE-2021-27885

usersettings.php in e107 through 2.3.0 lacks a certain eTOKEN protection mechanism...

8.8CVSS0.00184EPSS

Exploits3References3

OSV•added 2021/03/02 7:15 p.m.•10 views

CVE-2021-27885

usersettings.php in e107 through 2.3.0 lacks a certain eTOKEN protection mechanism...

8.8CVSS6.8AI score

Exploits0References3

Prion•added 2021/03/02 7:15 p.m.•13 views

Design/Logic Flaw

usersettings.php in e107 through 2.3.0 lacks a certain eTOKEN protection mechanism...

6.8CVSS8.6AI score0.00184EPSS

Exploits3References3Affected Software1

CVE•added 2021/03/02 6:15 p.m.•87 views

CVE-2021-27885

CVE-2021-27885 affects e107 up to version 2.3.0, due to missing e_TOKEN protection in usersettings.php. This CSRF flaw allows an attacker to coerce actions (e.g., password changes) without authentication, as evidenced by the public CSRF exploit and related vulnerability notes. Public references d...

8.8CVSS8.5AI score0.00184EPSS

Exploits3References3Affected Software1

Cvelist•added 2021/03/02 6:15 p.m.•17 views

CVE-2021-27885

usersettings.php in e107 through 2.3.0 lacks a certain eTOKEN protection mechanism...

8.9AI score0.00184EPSS

Exploits3References3

Positive Technologies•added 2021/03/02 12:0 a.m.•2 views

PT-2021-17645 · E107 · E107

Name of the Vulnerable Software and Affected Versions: e107 versions 2.3.0 and earlier Description: The issue is related to the lack of a certain e TOKEN protection mechanism in the usersettings.php file. This affects the security of the software. Recommendations: For versions 2.3.0 and earlier,...

8.8CVSS8.3AI score0.00184EPSS

Exploits3References9

Prion•added 2019/05/24 6:29 p.m.•9 views

Sql injection

e107 2.1.2 allows PHP Object Injection with resultant SQL injection, because usersettings.php uses unserialize without an HMAC...

6.5CVSS8.3AI score0.00231EPSS

Exploits1References2Affected Software1

OSV•added 2019/05/24 6:29 p.m.•11 views

CVE-2016-10753

e107 2.1.2 allows PHP Object Injection with resultant SQL injection, because usersettings.php uses unserialize without an HMAC...

8.8CVSS8AI score

Exploits0References2

NVD•added 2019/05/24 6:29 p.m.•12 views

CVE-2016-10753

e107 2.1.2 allows PHP Object Injection with resultant SQL injection, because usersettings.php uses unserialize without an HMAC...

8.8CVSS9.2AI score0.00231EPSS

Exploits1References2

CVE•added 2019/05/24 5:40 p.m.•48 views

CVE-2016-10753

CVE-2016-10753 affects e107 2.1.2. It enables a PHP Object Injection vulnerability via usersettings.php that calls unserialize without an HMAC, which leads to a subsequent SQL injection. The root cause is improper handling of unserialize data, enabling an attacker-controlled object to affect data...

8.8CVSS9.1AI score0.00231EPSS

Exploits1References2Affected Software1

NVD•added 2018/08/28 7:29 p.m.•13 views

CVE-2018-15901

e107 2.1.8 has CSRF in 'usersettings.php' with an impact of changing details such as passwords of users including administrators...

8.8CVSS8.8AI score0.00134EPSS

Exploits1References2

Prion•added 2018/08/28 7:29 p.m.•9 views

Cross site request forgery (csrf)

e107 2.1.8 has CSRF in 'usersettings.php' with an impact of changing details such as passwords of users including administrators...

6.8CVSS8.7AI score0.00134EPSS

Exploits1References2Affected Software1

CVE•added 2018/08/28 7:0 p.m.•35 views

CVE-2018-15901

The CVE-2018-15901 entry concerns e107 2.1.8, where a CSRF flaw in usersettings.php allows altering user details, including administrator passwords. The vulnerability’s root cause is improper CSRF protection in the usersettings.php workflow, enabling unauthorized changes without user interaction....

8.8CVSS8.7AI score0.00134EPSS

Exploits1References2Affected Software1

Cvelist•added 2018/08/28 7:0 p.m.•16 views

CVE-2018-15901

e107 2.1.8 has CSRF in 'usersettings.php' with an impact of changing details such as passwords of users including administrators...

8.8AI score0.00134EPSS

Exploits1References1

Packet Storm•added 2016/11/09 12:0 a.m.•23 views

e107 CMS 2.1.2 Privilege Escalation

Exploit Title: e107 CMS 2.1.2 Privilege Escalation Date: 09-11-2016 Software Link: http://e107.org/ Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website: http://security.szurek.pl/ Category: webapps 1. Description Datas from $POST'updateddata' inside usersettings.php are...

0.5AI score

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by