Every CVE whose affected-product data names E107, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (77)
CVE-2008-1989 — CVSS 10.0 (critical): PHP remote file inclusion vulnerability in 123flashchat.php in the 123 Flash Chat 6.8.0 module for e107, when register_globals is enabled…
CVE-2022-50905 — CVSS 9.8 (critical): e107 CMS version 3.2.1 contains multiple vulnerabilities that allow cross-site scripting (XSS) attacks. The first vulnerability is a…
CVE-2016-10753 — CVSS 8.8 (high): e107 2.1.2 allows PHP Object Injection with resultant SQL injection, because usersettings.php uses unserialize without an HMAC.
CVE-2018-15901 — CVSS 8.8 (high): e107 2.1.8 has CSRF in 'usersettings.php' with an impact of changing details such as passwords of users including administrators.
CVE-2005-1966 — CVSS 7.5 (high): The eTrace_validaddr function in eTrace plugin for e107 portal allows remote attackers to execute arbitrary commands via shell…
CVE-2005-2559 — CVSS 7.5 (high): doping.php in ePing plugin 1.02 and earlier for e107 portal allows remote attackers to execute arbitrary code or overwrite files via (1)…
CVE-2005-3521 — CVSS 7.5 (high): SQL injection vulnerability in resetcore.php in e107 0.617 through 0.6173 allows remote attackers to execute arbitrary SQL commands, bypass…
CVE-2010-2098 — CVSS 7.5 (high): Incomplete blacklist vulnerability in usersettings.php in e107 0.7.20 and earlier allows remote attackers to conduct SQL injection attacks…
CVE-2009-4084 — CVSS 7.5 (high): SQL injection vulnerability in the search feature in e107 0.7.16 and earlier allows remote attackers to execute arbitrary SQL commands via…
CVE-2004-2042 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in e107 0.615 allow remote attackers to inject arbitrary SQL code and gain sensitive information via…
CVE-2004-2262 — CVSS 7.5 (high): ImageManager in e107 before 0.617 does not properly check the types of uploaded files, which allows remote attackers to execute arbitrary…
CVE-2005-1949 — CVSS 7.5 (high): The eping_validaddr function in functions.php for the ePing plugin for e107 portal allows remote attackers to execute arbitrary commands…
CVE-2005-4224 — CVSS 7.5 (high): Multiple "potential" SQL injection vulnerabilities in e107 0.7 might allow remote attackers to execute arbitrary SQL commands via (1) the…
CVE-2006-4548 — CVSS 7.5 (high): e107 0.75 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an…
CVE-2011-1513 — CVSS 7.5 (high): Static code injection vulnerability in install_.php in e107 CMS 0.7.24 and probably earlier versions, when the installation script is not…
CVE-2010-2099 — CVSS 7.5 (high): bbcode/php.bb in e107 0.7.20 and earlier does not perform access control checks for all inputs that could contain the php bbcode tag, which…
CVE-2006-5786 — CVSS 7.5 (high): Directory traversal vulnerability in class2.php in e107 0.7.5 and earlier allows remote attackers to read and execute PHP code in arbitrary…
CVE-2008-2020 — CVSS 7.5 (high): The CAPTCHA implementation as used in (1) Francisco Burzi PHP-Nuke 7.0 and 8.1, (2) my123tkShop e-Commerce-Suite (aka 123tkShop) 0.9.1, (3)…
CVE-2022-50907 — CVSS 7.2 (high): e107 CMS version 3.2.1 contains a file upload vulnerability that allows authenticated administrative users to bypass upload restrictions…
CVE-2022-50916 — CVSS 7.2 (high): e107 CMS version 3.2.1 contains a file upload vulnerability that allows authenticated administrators to override server files through the…
CVE-2016-10378 — CVSS 7.2 (high): e107 2.1.1 allows SQL injection by remote authenticated administrators via the pagelist parameter to e107_admin/menus.php, related to the…
CVE-2022-50939 — CVSS 7.2 (high): e107 CMS version 3.2.1 contains a critical file upload vulnerability that allows authenticated administrators to override arbitrary server…
CVE-2018-16388 — CVSS 7.2 (high): e107_web/js/plupload/upload.php in e107 2.1.8 allows remote attackers to execute arbitrary PHP code by uploading a .php filename with the…
CVE-2012-6433 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in e107_admin/newspost.php in e107 1.0.1 allows remote attackers to hijack the…
CVE-2012-6434 — CVSS 6.8 (medium): Multiple cross-site request forgery (CSRF) vulnerabilities in e107_admin/download.php in e107 1.0.2 allow remote attackers to hijack the…
CVE-2011-4947 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in e107_admin/users_extended.php in e107 before 0.7.26 allows remote attackers to hijack…
CVE-2011-4946 — CVSS 6.8 (medium): SQL injection vulnerability in e107_admin/users_extended.php in e107 before 0.7.26 allows remote attackers to execute arbitrary SQL…
CVE-2007-3429 — CVSS 6.8 (medium): Unrestricted file upload vulnerability in signup.php in e107 0.7.8 and earlier, when photograph upload is enabled, allows remote attackers…
CVE-2014-9459 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in the AdminObserver function in e107_admin/users.php in e107 2.0 alpha2 allows remote…
CVE-2025-61505 — CVSS 6.5 (medium): e107 CMS thru 2.3.3 are vulnerable to insecure deserialization in the `install.php` script. The script processes user-controlled input in…
CVE-2008-5320 — CVSS 6.5 (medium): SQL injection vulnerability in usersettings.php in e107 0.7.13 and earlier allows remote authenticated users to execute arbitrary SQL…
CVE-2017-8098 — CVSS 6.5 (medium): e107 2.1.4 is vulnerable to cross-site request forgery in plugin-installing, meta-changing, and settings-changing. A malicious web page can…
CVE-2010-5084 — CVSS 6.0 (medium): The cross-site request forgery (CSRF) protection mechanism in e107 before 0.7.23 uses a predictable random token based on the creation date…
CVE-2010-0996 — CVSS 6.0 (medium): Unrestricted file upload vulnerability in e107 before 0.7.20 allows remote authenticated users to execute arbitrary code by uploading a…
CVE-2023-36121 — CVSS 5.4 (medium): Cross Site Scripting vulnerability in e107 v.2.3.2 allows a remote attacker to execute arbitrary code via the description function in the…
CVE-2025-11941 — CVSS 5.4 (medium): A vulnerability was detected in e107 CMS up to 2.3.3. This impacts an unknown function of the file /e107_admin/image.php?mode=main&action=av…
CVE-2006-2416 — CVSS 5.1 (medium): SQL injection vulnerability in class2.php in e107 0.7.2 and earlier allows remote attackers to execute arbitrary SQL commands via a cookie…
CVE-2009-1409 — CVSS 5.1 (medium): SQL injection vulnerability in usersettings.php in e107 0.7.15 and earlier, when "Extended User Fields" is enabled and magic_quotes_gpc is…
CVE-2011-4921 — CVSS 5.1 (medium): SQL injection vulnerability in usersettings.php in e107 0.7.26, and possibly other versions before 1.0.0, allows remote attackers to…
CVE-2004-2039 — CVSS 5.0 (medium): e107 0.615 allows remote attackers to obtain sensitive information via a direct request to (1) alt_news.php, (2) backend_menu.php, (3)…
CVE-2011-3731 — CVSS 5.0 (medium): e107 0.7.24 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation…
CVE-2006-2591 — CVSS 5.0 (medium): Unspecified vulnerability in e107 before 0.7.5 has unknown impact and remote attack vectors related to an "emailing exploit".
CVE-2005-4051 — CVSS 5.0 (medium): e107 0.6174 allows remote attackers to vote multiple times for a download via repeated requests to rate.php.
CVE-2005-3594 — CVSS 5.0 (medium): game_score.php in e107 allows remote attackers to insert high scores via HTTP POST methods utilizing the $player_name, $player_score, and…
CVE-2005-2805 — CVSS 5.0 (medium): forum_post.php in e107 0.6 allows remote attackers to post to non-existent forums by modifying the forum number.
CVE-2003-1191 — CVSS 5.0 (medium): chatbox.php in e107 0.554 and 0.603 allows remote attackers to cause a denial of service (pages fail to load) via HTML in the Name field…
CVE-2022-50906 — CVSS 4.8 (medium): e107 CMS 3.2.1 contains an upload restriction bypass vulnerability that allows authenticated administrators to upload malicious SVG files…
CVE-2006-4757 — CVSS 4.6 (medium): Multiple SQL injection vulnerabilities in the admin section in e107 0.7.5 allow remote authenticated administrative users to execute…
CVE-2015-1041 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in e107_admin/filemanager.php in e107 1.0.4 allows remote attackers to inject arbitrary web script…
CVE-2015-1057 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in usersettings.php in e107 2.0.0 allows remote attackers to inject arbitrary web script or HTML…
CVE-2006-0682 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in bbcodes system in e107 before 0.7.2 allow remote attackers to inject arbitrary web…
CVE-2004-2028 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in stats.php in e107 allows remote attackers to inject arbitrary web script or HTML via the…
CVE-2011-0457 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in e107 0.7.22 and earlier allows remote attackers to inject arbitrary web script or HTML via…
CVE-2010-4757 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in submitnews.php in e107 before 0.7.23 allows remote attackers to inject arbitrary web script or…
CVE-2009-3444 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in email.php in e107 0.7.16 and earlier allows remote attackers to inject arbitrary web script or…
CVE-2006-4794 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the…
CVE-2009-4083 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.16 and earlier allow remote attackers to inject arbitrary web script or…
CVE-2018-17081 — CVSS 4.3 (medium): e107 2.1.9 allows CSRF via e107_admin/wmessage.php?mode=&action=inline&ajax_used=1&id= for changing the title of an arbitrary page.
CVE-2005-2327 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in e107 0.617 and earlier allows remote attackers to inject arbitrary web script or HTML via…
CVE-2004-2040 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in e107 0.615 allow remote attackers to inject arbitrary web script or HTML via the (1)…
CVE-2013-2750 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in e107_plugins/content/handlers/content_preset.php in e107 before 1.0.3 allows remote attackers…
CVE-2014-4734 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in e107_admin/db.php in e107 2.0 alpha2 and earlier allows remote attackers to inject arbitrary…
CVE-2006-0857 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Chatbox Plugin 1.0 in e107 0.7.2 allows remote attackers to inject arbitrary HTML or web script…
CVE-2013-7305 — CVSS 4.3 (medium): fpw.php in e107 through 1.0.4 does not check the user_ban field, which makes it easier for remote attackers to reset passwords by sending a…
CVE-2008-6208 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in submitnews.php in e107 CMS 0.7.11 allows remote attackers to inject arbitrary web script or…
CVE-2004-2031 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in user.php in e107 allows remote attackers to inject arbitrary web script or HTML via the (1)…
CVE-2012-3843 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the registration page in e107, probably 1.0.1, allows remote attackers to inject arbitrary web…
CVE-2006-3259 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the (1)…
CVE-2011-4920 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.26, and other versions before 1.0.0, allow remote attackers to inject…
CVE-2010-0997 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in 107_plugins/content/content_manager.php in the Content Management plugin in e107 before 0.7.20…