Product
e107
82 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2022-50939
all versions
e107 CMS version 3.2.1 contains a critical file upload vulnerability that allows authenticated administrators to override arbitrar
7.2
HIGH
CVE-2022-50916
all versions
e107 CMS version 3.2.1 contains a file upload vulnerability that allows authenticated administrators to override server files thro
7.2
HIGH
CVE-2022-50907
all versions
e107 CMS version 3.2.1 contains a file upload vulnerability that allows authenticated administrative users to bypass upload restri
7.2
HIGH
CVE-2022-50906
all versions
e107 CMS 3.2.1 contains an upload restriction bypass vulnerability that allows authenticated administrators to upload malicious SV
4.8
MEDIUM
CVE-2022-50905
all versions
e107 CMS version 3.2.1 contains multiple vulnerabilities that allow cross-site scripting (XSS) attacks. The first vulnerability is
9.8
CRITICAL
CVE-2025-11941
<= 2.3.3
A vulnerability was detected in e107 CMS up to 2.3.3. This impacts an unknown function of the file /e107_admin/image.php?mode=main
5.4
MEDIUM
CVE-2025-61505
<= 2.3.3
e107 CMS thru 2.3.3 are vulnerable to insecure deserialization in the install.php script. The script processes user-controlled i
6.5
MEDIUM
CVE-2023-43874
all versions
Multiple Cross Site Scripting (XSS) vulnerability in e017 CMS v.2.3.2 allows a local attacker to execute arbitrary code via a craf
5.4
MEDIUM
CVE-2023-43873
all versions
A Cross Site Scripting (XSS) vulnerability in e017 CMS v.2.3.2 allows a local attacker to execute arbitrary code via a crafted scr
5.4
MEDIUM
CVE-2023-36121
all versions
Cross Site Scripting vulnerability in e107 v.2.3.2 allows a remote attacker to execute arbitrary code via the description function
5.4
MEDIUM
CVE-2021-27885
<= 2.3.0
usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protection mechanism.
8.8
HIGH
CVE-2018-11734
all versions
In e107 v2.1.7, output without filtering results in XSS.
6.1
MEDIUM
CVE-2018-17423
all versions
An issue was discovered in e107 v2.1.9. There is a XSS attack on e107_admin/comment.php.
4.8
MEDIUM
CVE-2016-10753
all versions
e107 2.1.2 allows PHP Object Injection with resultant SQL injection, because usersettings.php uses unserialize without an HMAC.
8.8
HIGH
CVE-2018-17081
all versions
e107 2.1.9 allows CSRF via e107_admin/wmessage.php?mode=&action=inline&ajax_used=1&id= for changing the title of an arbitrary page
4.3
MEDIUM
CVE-2018-16389
all versions
e107_admin/banlist.php in e107 2.1.8 allows SQL injection via the old_ip parameter.
6.5
MEDIUM
CVE-2018-16388
all versions
e107_web/js/plupload/upload.php in e107 2.1.8 allows remote attackers to execute arbitrary PHP code by uploading a .php filename w
7.2
HIGH
CVE-2018-16381
all versions
e107 2.1.8 has XSS via the e107_admin/users.php?mode=main&action=list user_loginname parameter.
6.1
MEDIUM
CVE-2018-15901
all versions
e107 2.1.8 has CSRF in 'usersettings.php' with an impact of changing details such as passwords of users including administrators.
8.8
HIGH
CVE-2018-11127
all versions
e107 2.1.7 has CSRF resulting in arbitrary user deletion.
6.5
MEDIUM
CVE-2016-10378
all versions
e107 2.1.1 allows SQL injection by remote authenticated administrators via the pagelist parameter to e107_admin/menus.php, related
7.2
HIGH
CVE-2017-8098
all versions
e107 2.1.4 is vulnerable to cross-site request forgery in plugin-installing, meta-changing, and settings-changing. A malicious web
6.5
MEDIUM
CVE-2015-1057
all versions
Cross-site scripting (XSS) vulnerability in usersettings.php in e107 2.0.0 allows remote attackers to inject arbitrary web script
CVE-2015-1041
all versions
Cross-site scripting (XSS) vulnerability in e107_admin/filemanager.php in e107 1.0.4 allows remote attackers to inject arbitrary w
CVE-2014-9459
all versions
Cross-site request forgery (CSRF) vulnerability in the AdminObserver function in e107_admin/users.php in e107 2.0 alpha2 allows re
CVE-2014-4734
<= 2.0
Cross-site scripting (XSS) vulnerability in e107_admin/db.php in e107 2.0 alpha2 and earlier allows remote attackers to inject arb
CVE-2013-7305
<= 1.0.4
fpw.php in e107 through 1.0.4 does not check the user_ban field, which makes it easier for remote attackers to reset passwords by
CVE-2013-2750
<= 1.0.2
Cross-site scripting (XSS) vulnerability in e107_plugins/content/handlers/content_preset.php in e107 before 1.0.3 allows remote at
CVE-2012-6434
all versions
Multiple cross-site request forgery (CSRF) vulnerabilities in e107_admin/download.php in e107 1.0.2 allow remote attackers to hija
CVE-2012-6433
all versions
Cross-site request forgery (CSRF) vulnerability in e107_admin/newspost.php in e107 1.0.1 allows remote attackers to hijack the aut
CVE-2011-4947
<= 0.7.24
Cross-site request forgery (CSRF) vulnerability in e107_admin/users_extended.php in e107 before 0.7.26 allows remote attackers to
CVE-2011-4946
<= 0.7.24
SQL injection vulnerability in e107_admin/users_extended.php in e107 before 0.7.26 allows remote attackers to execute arbitrary SQ
CVE-2012-3843
all versions
Cross-site scripting (XSS) vulnerability in the registration page in e107, probably 1.0.1, allows remote attackers to inject arbit
CVE-2010-5084
<= 0.7.22
The cross-site request forgery (CSRF) protection mechanism in e107 before 0.7.23 uses a predictable random token based on the crea
CVE-2011-4921
all versions
SQL injection vulnerability in usersettings.php in e107 0.7.26, and possibly other versions before 1.0.0, allows remote attackers
CVE-2011-4920
all versions
Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.26, and other versions before 1.0.0, allow remote attackers to inj
CVE-2011-1513
<= 0.7.24
Static code injection vulnerability in install_.php in e107 CMS 0.7.24 and probably earlier versions, when the installation script
CVE-2011-3731
all versions
e107 0.7.24 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the install
CVE-2011-0457
<= 0.7.22
Cross-site scripting (XSS) vulnerability in e107 0.7.22 and earlier allows remote attackers to inject arbitrary web script or HTML
CVE-2010-4757
<= 0.7.22
Cross-site scripting (XSS) vulnerability in submitnews.php in e107 before 0.7.23 allows remote attackers to inject arbitrary web s
CVE-2010-2099
<= 0.7.20
bbcode/php.bb in e107 0.7.20 and earlier does not perform access control checks for all inputs that could contain the php bbcode t
CVE-2010-2098
<= 0.7.20
Incomplete blacklist vulnerability in usersettings.php in e107 0.7.20 and earlier allows remote attackers to conduct SQL injection
CVE-2010-0997
<= 0.7.19
Cross-site scripting (XSS) vulnerability in 107_plugins/content/content_manager.php in the Content Management plugin in e107 befor
CVE-2010-0996
<= 0.7.19
Unrestricted file upload vulnerability in e107 before 0.7.20 allows remote authenticated users to execute arbitrary code by upload
CVE-2009-4084
<= 0.7.16
SQL injection vulnerability in the search feature in e107 0.7.16 and earlier allows remote attackers to execute arbitrary SQL comm
CVE-2009-4083
<= 0.7.16
Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.16 and earlier allow remote attackers to inject arbitrary web scri
CVE-2009-3444
<= 0.7.16
Cross-site scripting (XSS) vulnerability in email.php in e107 0.7.16 and earlier allows remote attackers to inject arbitrary web s
CVE-2009-1409
all versions
SQL injection vulnerability in usersettings.php in e107 0.7.15 and earlier, when "Extended User Fields" is enabled and magic_quote
CVE-2008-6208
all versions
Cross-site scripting (XSS) vulnerability in submitnews.php in e107 CMS 0.7.11 allows remote attackers to inject arbitrary web scri
CVE-2008-5320
<= 0.7.13
SQL injection vulnerability in usersettings.php in e107 0.7.13 and earlier allows remote authenticated users to execute arbitrary
CVE-2008-4786
all versions
SQL injection vulnerability in easyshop.php in the EasyShop plugin for e107 allows remote attackers to execute arbitrary SQL comma
CVE-2008-4785
all versions
SQL injection vulnerability in newuser.php in the alternate_profiles plugin, possibly 0.2, for e107 allows remote attackers to exe
CVE-2008-2020
all versions
The CAPTCHA implementation as used in (1) Francisco Burzi PHP-Nuke 7.0 and 8.1, (2) my123tkShop e-Commerce-Suite (aka 123tkShop) 0
7.5
HIGH
CVE-2008-1989
all versions
PHP remote file inclusion vulnerability in 123flashchat.php in the 123 Flash Chat 6.8.0 module for e107, when register_globals is
CVE-2008-1702
all versions
Absolute path traversal vulnerability in dload.php in the my_gallery 2.3 plugin for e107 allows remote attackers to obtain sensiti
CVE-2007-3429
all versions
Unrestricted file upload vulnerability in signup.php in e107 0.7.8 and earlier, when photograph upload is enabled, allows remote a
CVE-2006-5786
all versions
Directory traversal vulnerability in class2.php in e107 0.7.5 and earlier allows remote attackers to read and execute PHP code in
CVE-2006-4794
all versions
Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML vi
CVE-2006-4757
<= 0.7.5
Multiple SQL injection vulnerabilities in the admin section in e107 0.7.5 allow remote authenticated administrative users to execu
CVE-2006-4548
all versions
e107 0.75 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an
CVE-2006-3259
<= 0.7.5
Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML vi
CVE-2006-2591
all versions
Unspecified vulnerability in e107 before 0.7.5 has unknown impact and remote attack vectors related to an "emailing exploit".
CVE-2006-2590
all versions
SQL injection vulnerability in e107 before 0.7.5 allows remote attackers to execute arbitrary SQL commands via unknown attack vect
CVE-2006-2416
all versions
SQL injection vulnerability in class2.php in e107 0.7.2 and earlier allows remote attackers to execute arbitrary SQL commands via
CVE-2006-0857
all versions
Cross-site scripting (XSS) vulnerability in Chatbox Plugin 1.0 in e107 0.7.2 allows remote attackers to inject arbitrary HTML or w
CVE-2006-0682
all versions
Multiple cross-site scripting (XSS) vulnerabilities in bbcodes system in e107 before 0.7.2 allow remote attackers to inject arbitr
CVE-2005-4224
all versions
Multiple "potential" SQL injection vulnerabilities in e107 0.7 might allow remote attackers to execute arbitrary SQL commands via
CVE-2005-4051
all versions
e107 0.6174 allows remote attackers to vote multiple times for a download via repeated requests to rate.php.
CVE-2005-3594
all versions
game_score.php in e107 allows remote attackers to insert high scores via HTTP POST methods utilizing the $player_name, $player_sco
CVE-2005-3521
all versions
SQL injection vulnerability in resetcore.php in e107 0.617 through 0.6173 allows remote attackers to execute arbitrary SQL command
CVE-2005-2805
all versions
forum_post.php in e107 0.6 allows remote attackers to post to non-existent forums by modifying the forum number.
CVE-2005-2559
all versions
doping.php in ePing plugin 1.02 and earlier for e107 portal allows remote attackers to execute arbitrary code or overwrite files v
CVE-2005-2327
all versions
Cross-site scripting (XSS) vulnerability in e107 0.617 and earlier allows remote attackers to inject arbitrary web script or HTML
CVE-2005-1949
all versions
The eping_validaddr function in functions.php for the ePing plugin for e107 portal allows remote attackers to execute arbitrary co
CVE-2005-1966
all versions
The eTrace_validaddr function in eTrace plugin for e107 portal allows remote attackers to execute arbitrary commands via shell met
CVE-2004-2262
< 0.617
ImageManager in e107 before 0.617 does not properly check the types of uploaded files, which allows remote attackers to execute ar
CVE-2004-2042
all versions
Multiple SQL injection vulnerabilities in e107 0.615 allow remote attackers to inject arbitrary SQL code and gain sensitive inform
CVE-2004-2040
all versions
Multiple cross-site scripting (XSS) vulnerabilities in e107 0.615 allow remote attackers to inject arbitrary web script or HTML vi
CVE-2004-2039
all versions
e107 0.615 allows remote attackers to obtain sensitive information via a direct request to (1) alt_news.php, (2) backend_menu.php,
CVE-2004-2031
all versions
Cross-site scripting (XSS) vulnerability in user.php in e107 allows remote attackers to inject arbitrary web script or HTML via th
CVE-2004-2028
all versions
Cross-site scripting (XSS) vulnerability in stats.php in e107 allows remote attackers to inject arbitrary web script or HTML via t
CVE-2003-1191
all versions
chatbox.php in e107 0.554 and 0.603 allows remote attackers to cause a denial of service (pages fail to load) via HTML in the Name
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin