Approved changes feed: RSS · Atom
cpe:2.3:a:e107:e107:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | E107 (6c60e221-90f9-5087-a0e5-d5cd5732e6aa) |
|---|---|
| Product | E107 (35b2a9c5-556b-5efe-8f1c-6c60a2550b4c) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/e107inc/e107 |
purl2cpe | 2026-06-01 10:11:46.523231 |
pkg:sourceforge/e107 |
purl2cpe | 2026-06-01 10:11:46.523234 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-61505 |
vulnerable | 2026-06-08 07:37:27.571685 |
Details available
e107 CMS thru 2.3.3 are vulnerable to insecure deserialization in the `install.php` script. The script processes user-controlled input in the `previous_steps` POST parameter using `unserialize(base64_decode())` without validation, allowing attackers to craft malicious serialized data. This could lead to remote code execution, arbitrary file operations, or denial of service, depending on available PHP object gadgets in the codebase.
Published: 2025-10-10T00:00:00.000Z
Updated: 2026-02-03T17:40:08.418Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-11941 |
vulnerable | 2026-06-08 07:04:29.442019 |
e107 CMS Avatar image.php path traversal
MEDIUM (5.4)
A vulnerability was detected in e107 CMS up to 2.3.3. This impacts an unknown function of the file /e107_admin/image.php?mode=main&action=avatar of the component Avatar Handler. Performing manipulation of the argument multiaction[] results in path traversal. It is possible to initiate the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2025-10-19T15:32:10.388Z
Updated: 2025-10-20T19:04:24.380Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-27885 |
vulnerable | 2026-06-08 05:31:22.677775 |
Details available
usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protection mechanism.
Published: 2021-03-02T18:15:32.000Z
Updated: 2024-08-03T21:33:17.281Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2013-7305 |
vulnerable | 2026-06-08 05:05:09.595371 |
Details available
fpw.php in e107 through 1.0.4 does not check the user_ban field, which makes it easier for remote attackers to reset passwords by sending a pwsubmit request and leveraging access to the e-mail account of a banned user.
Published: 2014-01-22T19:00:00.000Z
Updated: 2024-09-16T20:26:33.095Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2013-2750 |
vulnerable | 2026-06-08 05:04:27.743320 |
Details available
Cross-site scripting (XSS) vulnerability in e107_plugins/content/handlers/content_preset.php in e107 before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the query string.
Published: 2014-01-22T19:00:00.000Z
Updated: 2024-08-06T15:44:33.685Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2011-4947 |
vulnerable | 2026-06-08 04:59:34.005221 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2011-4946 |
vulnerable | 2026-06-08 04:59:33.989938 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2011-1513 |
vulnerable | 2026-06-08 04:57:59.957984 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2011-0457 |
vulnerable | 2026-06-08 04:56:37.374073 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2010-5084 |
vulnerable | 2026-06-08 04:56:32.111543 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2010-4757 |
vulnerable | 2026-06-08 04:56:30.618399 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2010-2099 |
vulnerable | 2026-06-08 04:54:11.655718 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2010-2098 |
vulnerable | 2026-06-08 04:54:11.644721 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2010-0997 |
vulnerable | 2026-06-08 04:54:04.349300 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2010-0996 |
vulnerable | 2026-06-08 04:54:04.297203 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2009-4084 |
vulnerable | 2026-06-08 04:51:46.951032 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2009-4083 |
vulnerable | 2026-06-08 04:51:46.949345 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2009-3444 |
vulnerable | 2026-06-08 04:51:41.976051 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2009-1409 |
not_vulnerable | 2026-06-08 04:51:22.772060 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2008-6466 |
not_vulnerable | 2026-06-08 04:50:55.129847 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2008-6438 |
not_vulnerable | 2026-06-08 04:50:55.075190 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2008-6114 |
not_vulnerable | 2026-06-08 04:50:54.269703 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2008-6069 |
not_vulnerable | 2026-06-08 04:50:53.949114 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2008-5320 |
vulnerable | 2026-06-08 04:50:50.795192 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2008-4906 |
not_vulnerable | 2026-06-08 04:50:48.574340 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2008-4786 |
not_vulnerable | 2026-06-08 04:50:48.168612 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2008-4785 |
not_vulnerable | 2026-06-08 04:50:48.167122 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2008-1989 |
vulnerable | 2026-06-08 04:50:22.582143 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2008-1702 |
not_vulnerable | 2026-06-08 04:50:21.566986 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2006-4757 |
vulnerable | 2026-06-08 04:49:18.714763 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2006-3259 |
vulnerable | 2026-06-08 04:49:08.728678 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2005-3594 |
vulnerable | 2026-06-08 04:48:41.308344 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2005-2559 |
vulnerable | 2026-06-08 04:48:29.714629 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2005-1949 |
vulnerable | 2026-06-08 04:48:27.952859 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2004-2262 |
vulnerable | 2026-06-08 04:48:09.031027 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.