Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor E107 Subscribe
Filtered by product E107
Total 81 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-1702 1 E107 2 E107, My Gallery 2018-10-11 4.3 MEDIUM N/A
Absolute path traversal vulnerability in dload.php in the my_gallery 2.3 plugin for e107 allows remote attackers to obtain sensitive information via a full pathname in the file parameter. NOTE: some of these details are obtained from third party information.
CVE-2010-0996 1 E107 1 E107 2018-10-10 6.0 MEDIUM N/A
Unrestricted file upload vulnerability in e107 before 0.7.20 allows remote authenticated users to execute arbitrary code by uploading a .php.filetypesphp file. NOTE: the vendor disputes the significance of this issue, noting that "an odd set of preferences and a missing file" are required.
CVE-2010-0997 1 E107 1 E107 2018-10-10 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in 107_plugins/content/content_manager.php in the Content Management plugin in e107 before 0.7.20, when the personal content manager is enabled, allows user-assisted remote authenticated users to inject arbitrary web script or HTML via the content_heading parameter.
CVE-2009-4083 1 E107 1 E107 2018-10-10 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.16 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) submitnews.php, (2) usersettings.php; and (3) newpost.php, (4) banlist.php, (5) banner.php, (6) cpage.php, (7) download.php, (8) users_extended.php, (9) frontpage.php, (10) links.php, and (11) mailout.php in e107_admin/. NOTE: this may overlap CVE-2004-2040 and CVE-2006-4794, but there are insufficient details to be certain.
CVE-2009-4084 1 E107 1 E107 2018-10-10 7.5 HIGH N/A
SQL injection vulnerability in the search feature in e107 0.7.16 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-3444 1 E107 1 E107 2018-10-10 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in email.php in e107 0.7.16 and earlier allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header in a news.1 (aka news to email) action.
CVE-2014-4734 1 E107 1 E107 2018-10-09 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in e107_admin/db.php in e107 2.0 alpha2 and earlier allows remote attackers to inject arbitrary web script or HTML via the type parameter.
CVE-2018-11127 1 E107 1 E107 2018-06-19 4.3 MEDIUM 6.5 MEDIUM
e107 2.1.7 has CSRF resulting in arbitrary user deletion.
CVE-2006-5786 1 E107 1 E107 2017-10-18 7.5 HIGH N/A
Directory traversal vulnerability in class2.php in e107 0.7.5 and earlier allows remote attackers to read and execute PHP code in arbitrary files via ".." sequences in the e107language_e107cookie cookie to gsitemap.php.
CVE-2005-2327 1 E107 1 E107 2017-10-18 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in e107 0.617 and earlier allows remote attackers to inject arbitrary web script or HTML via nested [url] BBCode tags.
CVE-2004-2262 1 E107 1 E107 2017-10-18 5.0 MEDIUM N/A
ImageManager in e107 before 0.617 does not properly check the types of uploaded files, which allows remote attackers to execute arbitrary code by uploading a PHP file via the upload parameter to images.php.
CVE-2007-3429 1 E107 1 E107 2017-10-10 6.8 MEDIUM N/A
Unrestricted file upload vulnerability in signup.php in e107 0.7.8 and earlier, when photograph upload is enabled, allows remote attackers to upload and execute arbitrary PHP code via a filename with a double extension such as .php.jpg.
CVE-2009-1409 1 E107 1 E107 2017-09-28 5.1 MEDIUM N/A
SQL injection vulnerability in usersettings.php in e107 0.7.15 and earlier, when "Extended User Fields" is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the hide parameter, a different vector than CVE-2005-4224 and CVE-2008-5320.
CVE-2008-6466 2 Akirapowered, E107 2 Image Gallery, E107 2017-09-28 7.5 HIGH N/A
SQL injection vulnerability in image_gallery.php in the Akira Powered Image Gallery (image_gallery) plugin 0.9.6.2 for e107 allows remote attackers to execute arbitrary SQL commands via the image parameter in an image-detail action.
CVE-2008-6114 2 E107, Mytipper 2 E107, Zogo Shop 2017-09-28 7.5 HIGH N/A
SQL injection vulnerability in product_details.php in the Mytipper Zogo-shop 1.15.4 plugin for e107 allows remote attackers to execute arbitrary SQL commands via the product parameter.
CVE-2008-5320 1 E107 1 E107 2017-09-28 6.5 MEDIUM N/A
SQL injection vulnerability in usersettings.php in e107 0.7.13 and earlier allows remote authenticated users to execute arbitrary SQL commands via the ue[] parameter.
CVE-2008-4906 2 E107, W1n78 2 E107, Lyrics 2017-09-28 7.5 HIGH N/A
SQL injection vulnerability in lyrics_song.php in the Lyrics (lyrics_menu) plugin 0.42 for e107 allows remote attackers to execute arbitrary SQL commands via the l_id parameter. NOTE: some of these details are obtained from third party information.
CVE-2008-4786 1 E107 2 E107, Easyshop Plugin 2017-09-28 7.5 HIGH N/A
SQL injection vulnerability in easyshop.php in the EasyShop plugin for e107 allows remote attackers to execute arbitrary SQL commands via the category_id parameter.
CVE-2008-4785 1 E107 2 Alternate Profiles Plugin, E107 2017-09-28 7.5 HIGH N/A
SQL injection vulnerability in newuser.php in the alternate_profiles plugin, possibly 0.2, for e107 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-1989 2 123flashchat, E107 2 123 Flash Chat Module, E107 2017-09-28 10.0 HIGH N/A
PHP remote file inclusion vulnerability in 123flashchat.php in the 123 Flash Chat 6.8.0 module for e107, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the e107path parameter.