
cpe:2.3:a:e107:e107:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor: E107 (6c60e221-90f9-5087-a0e5-d5cd5732e6aa)
Product: E107 (35b2a9c5-556b-5efe-8f1c-6c60a2550b4c)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from purl2cpe mapping

PURL mappings

PURL | Source | Last updated
pkg:github/e107inc/e107 purl2cpe 2026-06-01 10:11:46.523231
pkg:sourceforge/e107 purl2cpe 2026-06-01 10:11:46.523234

Vulnerability references

Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale
CVE:CVE-2025-61505 vulnerable 2026-06-08 07:37:27.571685 Details available
e107 CMS versions through 2.3.3 are vulnerable to insecure deserialization in the `install.php` script. The script processes user-controlled input in the `previous_steps` POST parameter using `unserialize(base64_decode())` without validation, allowing attackers to craft malicious serialized data. This could lead to remote code execution, arbitrary file operations, or denial of service, depending on available PHP object gadgets in the codebase.
Published: 2025-10-10T00:00:00.000Z
Updated: 2026-02-03T17:40:08.418Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-11941 vulnerable 2026-06-08 07:04:29.442019 e107 CMS Avatar image.php path traversal
MEDIUM (5.4)
A vulnerability was detected in e107 CMS up to 2.3.3. This impacts an unknown function of the file /e107_admin/image.php?mode=main&action=avatar of the component Avatar Handler. Performing manipulation of the argument multiaction[] results in path traversal. It is possible to initiate the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2025-10-19T15:32:10.388Z
Updated: 2025-10-20T19:04:24.380Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-27885 vulnerable 2026-06-08 05:31:22.677775 Details available
usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protection mechanism.
Published: 2021-03-02T18:15:32.000Z
Updated: 2024-08-03T21:33:17.281Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2013-7305 vulnerable 2026-06-08 05:05:09.595371 Details available
fpw.php in e107 through 1.0.4 does not check the user_ban field, which makes it easier for remote attackers to reset passwords by sending a pwsubmit request and leveraging access to the e-mail account of a banned user.
Published: 2014-01-22T19:00:00.000Z
Updated: 2024-09-16T20:26:33.095Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2013-2750 vulnerable 2026-06-08 05:04:27.743320 Details available
Cross-site scripting (XSS) vulnerability in e107_plugins/content/handlers/content_preset.php in e107 before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the query string.
Published: 2014-01-22T19:00:00.000Z
Updated: 2024-08-06T15:44:33.685Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2011-4947 vulnerable 2026-06-08 04:59:34.005221 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2011-4946 vulnerable 2026-06-08 04:59:33.989938 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2011-1513 vulnerable 2026-06-08 04:57:59.957984 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2011-0457 vulnerable 2026-06-08 04:56:37.374073 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2010-5084 vulnerable 2026-06-08 04:56:32.111543 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2010-4757 vulnerable 2026-06-08 04:56:30.618399 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2010-2099 vulnerable 2026-06-08 04:54:11.655718 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2010-2098 vulnerable 2026-06-08 04:54:11.644721 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2010-0997 vulnerable 2026-06-08 04:54:04.349300 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2010-0996 vulnerable 2026-06-08 04:54:04.297203 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2009-4084 vulnerable 2026-06-08 04:51:46.951032 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2009-4083 vulnerable 2026-06-08 04:51:46.949345 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2009-3444 vulnerable 2026-06-08 04:51:41.976051 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2009-1409 not_vulnerable 2026-06-08 04:51:22.772060 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2008-6466 not_vulnerable 2026-06-08 04:50:55.129847 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2008-6438 not_vulnerable 2026-06-08 04:50:55.075190 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2008-6114 not_vulnerable 2026-06-08 04:50:54.269703 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2008-6069 not_vulnerable 2026-06-08 04:50:53.949114 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2008-5320 vulnerable 2026-06-08 04:50:50.795192 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2008-4906 not_vulnerable 2026-06-08 04:50:48.574340 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2008-4786 not_vulnerable 2026-06-08 04:50:48.168612 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2008-4785 not_vulnerable 2026-06-08 04:50:48.167122 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2008-1989 vulnerable 2026-06-08 04:50:22.582143 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2008-1702 not_vulnerable 2026-06-08 04:50:21.566986 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2006-4757 vulnerable 2026-06-08 04:49:18.714763 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2006-3259 vulnerable 2026-06-08 04:49:08.728678 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2005-3594 vulnerable 2026-06-08 04:48:41.308344 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2005-2559 vulnerable 2026-06-08 04:48:29.714629 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2005-1949 vulnerable 2026-06-08 04:48:27.952859 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2004-2262 vulnerable 2026-06-08 04:48:09.031027 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
