e107
Web & CMS Pluginsoss-project
Latest CVEs
The 15 most recently published vulnerabilities affecting e107.
- CVE-2021-47937e107 CMS 2.3.0 Authenticated Remote Code Execution via Theme Upload8.8
- CVE-2022-50939e107 CMS v3.2.1 - Upload Restriction Bypass with Path Traversal File Override7.2
- CVE-2022-50916e107 CMS v3.2.1 - Upload restriction bypass (Authenticated [Admin])+ Server file override7.2
- CVE-2022-50907e107 CMS v3.2.1 - Admin Upload Restriction Bypass + RCE7.2
- CVE-2022-50906e107 CMS v3.2.1 - Admin Upload Restriction Bypass + Stored XSS4.8
- CVE-2022-50905e107 CMS v3.2.1 - Reflected XSS via Comment Flow9.8
- CVE-2025-11941e107 CMS Avatar image.php path traversal5.4
- CVE-2025-61505e107 CMS thru 2.3.3 are vulnerable to insecure deserialization in the `install.php` script. The script processes user-controlled input in the `previous_steps` POST parameter using `unserialize(base...6.5
- CVE-2023-43874Multiple Cross Site Scripting (XSS) vulnerability in e017 CMS v.2.3.2 allows a local attacker to execute arbitrary code via a crafted script to the Copyright and Author fields in the Meta & Custom ...5.4
- CVE-2023-43873A Cross Site Scripting (XSS) vulnerability in e017 CMS v.2.3.2 allows a local attacker to execute arbitrary code via a crafted script to the Name filed in the Manage Menu.5.4
- CVE-2023-36121Cross Site Scripting vulnerability in e107 v.2.3.2 allows a remote attacker to execute arbitrary code via the description function in the SEO project.5.4
- CVE-2021-27885usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protection mechanism.8.8
- CVE-2018-11734In e107 v2.1.7, output without filtering results in XSS.6.1
- CVE-2018-17423An issue was discovered in e107 v2.1.9. There is a XSS attack on e107_admin/comment.php.4.8
- CVE-2016-10753e107 2.1.2 allows PHP Object Injection with resultant SQL injection, because usersettings.php uses unserialize without an HMAC.8.8