E107 漏洞与 CVE 列表(83)

产品(CPE): — CVE 数: 83

E107 漏洞概览

汇总 E107 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。

历史漏洞主要涉及 CSRF与路径处理缺陷 等问题,部分漏洞可能导致 文件覆盖,并影响 软件部署与生产负载 相关场景。

相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。

漏洞分布趋势(近 24 个月)

显示 12083 CVE 数
«« 第一页 « 上一页 第 1 / 5 页 下一页 »
CVE 摘要 来源 最高 CVSS EPSS % 公开时间 更新时间
CVE-2021-47937 e107 CMS 2.3.0 contains a remote code execution vulnerability that allows authenticated users with theme installation permissions to execute arbitrary commands by uploading malicious theme files. Attackers can upload a crafted theme package through the theme.php endpoint that deploys a web shell to the e107_themes directory, then execute system commands via the payload.php script. [email protected] 8.7 0.59% 2026-05-10 2026-06-17
CVE-2022-50939 e107 CMS version 3.2.1 contains a critical file upload vulnerability that allows authenticated administrators to override arbitrary server files through path traversal. The vulnerability exists in the Media Manager's remote URL upload functionality (image.php) where the upload_caption parameter is not properly sanitized. An attacker with administrative privileges can use directory traversal sequences (../../../) in the upload_caption field to overwrite critical system files outside the intended [email protected] 8.6 1.09% 2026-01-13 2026-06-17
CVE-2022-50916 e107 CMS version 3.2.1 contains a file upload vulnerability that allows authenticated administrators to override server files through the Media Manager import functionality. Attackers can exploit the upload mechanism by manipulating the upload URL parameter to overwrite existing files like top.php in the web application directory. [email protected] 8.7 0.80% 2026-01-13 2026-06-17
CVE-2022-50907 e107 CMS version 3.2.1 contains a file upload vulnerability that allows authenticated administrative users to bypass upload restrictions and execute PHP files. Attackers can upload malicious PHP files to parent directories by manipulating the upload URL parameter, enabling remote code execution through the Media Manager import feature. [email protected] 8.6 1.05% 2026-01-13 2026-06-17
CVE-2022-50906 e107 CMS 3.2.1 contains an upload restriction bypass vulnerability that allows authenticated administrators to upload malicious SVG files through the media manager. Attackers with admin privileges can exploit this vulnerability to upload SVG files with embedded cross-site scripting (XSS) payloads that can execute arbitrary scripts when viewed. [email protected] 4.8 0.35% 2026-01-13 2026-06-17
CVE-2022-50905 e107 CMS version 3.2.1 contains multiple vulnerabilities that allow cross-site scripting (XSS) attacks. The first vulnerability is a reflected XSS that occurs in the news comment functionality when authenticated users interact with the comment form. An attacker can inject malicious JavaScript code through the URL parameter that gets executed when users click outside the comment field after typing content. The second vulnerability involves an upload restriction bypass for authenticated administra [email protected] 9.8 0.57% 2026-01-13 2026-06-17
CVE-2025-11941 A vulnerability was detected in e107 CMS up to 2.3.3. This impacts an unknown function of the file /e107_admin/image.php?mode=main&action=avatar of the component Avatar Handler. Performing manipulation of the argument multiaction[] results in path traversal. It is possible to initiate the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. [email protected] 2.1 0.76% 2025-10-19 2026-06-17
CVE-2025-61505 e107 CMS thru 2.3.3 are vulnerable to insecure deserialization in the `install.php` script. The script processes user-controlled input in the `previous_steps` POST parameter using `unserialize(base64_decode())` without validation, allowing attackers to craft malicious serialized data. This could lead to remote code execution, arbitrary file operations, or denial of service, depending on available PHP object gadgets in the codebase. [email protected] 6.5 0.33% 2025-10-10 2026-06-17
CVE-2023-43874 Multiple Cross Site Scripting (XSS) vulnerability in e017 CMS v.2.3.2 allows a local attacker to execute arbitrary code via a crafted script to the Copyright and Author fields in the Meta & Custom Tags Menu. [email protected] 5.4 0.63% 2023-09-28 2026-06-17
CVE-2023-43873 A Cross Site Scripting (XSS) vulnerability in e017 CMS v.2.3.2 allows a local attacker to execute arbitrary code via a crafted script to the Name filed in the Manage Menu. [email protected] 5.4 0.46% 2023-09-28 2026-06-17
CVE-2023-36121 Cross Site Scripting vulnerability in e107 v.2.3.2 allows a remote attacker to execute arbitrary code via the description function in the SEO project. [email protected] 5.4 1.07% 2023-08-01 2026-06-17
CVE-2021-27885 usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protection mechanism. [email protected] 8.8 3.21% 2021-03-02 2026-06-16
CVE-2018-11734 In e107 v2.1.7, output without filtering results in XSS. [email protected] 6.1 0.78% 2019-07-10 2026-06-16
CVE-2018-17423 An issue was discovered in e107 v2.1.9. There is a XSS attack on e107_admin/comment.php. [email protected] 4.8 0.74% 2019-06-19 2026-06-16
CVE-2016-10753 e107 2.1.2 allows PHP Object Injection with resultant SQL injection, because usersettings.php uses unserialize without an HMAC. [email protected] 8.8 1.68% 2019-05-24 2026-06-16
CVE-2018-17081 e107 2.1.9 allows CSRF via e107_admin/wmessage.php?mode=&action=inline&ajax_used=1&id= for changing the title of an arbitrary page. [email protected] 4.3 0.58% 2018-09-26 2026-06-16
CVE-2018-16389 e107_admin/banlist.php in e107 2.1.8 allows SQL injection via the old_ip parameter. [email protected] 6.5 1.15% 2018-09-12 2026-06-16
CVE-2018-16388 e107_web/js/plupload/upload.php in e107 2.1.8 allows remote attackers to execute arbitrary PHP code by uploading a .php filename with the image/jpeg content type. [email protected] 7.2 2.19% 2018-09-12 2026-06-16
CVE-2018-16381 e107 2.1.8 has XSS via the e107_admin/users.php?mode=main&action=list user_loginname parameter. [email protected] 6.1 0.71% 2018-09-05 2026-06-16
CVE-2018-15901 e107 2.1.8 has CSRF in 'usersettings.php' with an impact of changing details such as passwords of users including administrators. [email protected] 8.8 0.56% 2018-08-28 2026-06-16
«« 第一页 « 上一页 第 1 / 5 页 下一页 »
cvelogic Threat Intelligence