Approved changes feed: RSS · Atom
cpe:2.3:a:e107:e107:0.554:*:*:*:*:*:*:*
part: a version: 0.554 update: *
| Vendor | E107 (6c60e221-90f9-5087-a0e5-d5cd5732e6aa) |
|---|---|
| Product | E107 (35b2a9c5-556b-5efe-8f1c-6c60a2550b4c) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/e107inc/e107 |
purl2cpe | 2026-06-01 10:11:46.539881 |
pkg:sourceforge/e107 |
purl2cpe | 2026-06-01 10:11:46.539883 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2011-1513 |
vulnerable | 2026-06-08 04:57:59.979740 |
Details available
Static code injection vulnerability in install_.php in e107 CMS 0.7.24 and probably earlier versions, when the installation script is not removed, allows remote attackers to inject arbitrary PHP code into e107_config.php via a crafted MySQL server name.
Published: 2011-11-04T21:00:00.000Z
Updated: 2024-08-06T22:28:41.931Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2011-0457 |
vulnerable | 2026-06-08 04:56:37.374749 |
Details available
Cross-site scripting (XSS) vulnerability in e107 0.7.22 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Published: 2011-03-15T17:00:00.000Z
Updated: 2024-09-16T22:50:48.041Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2010-5084 |
vulnerable | 2026-06-08 04:56:32.112228 |
Details available
The cross-site request forgery (CSRF) protection mechanism in e107 before 0.7.23 uses a predictable random token based on the creation date of the administrator account, which allows remote attackers to hijack the authentication of administrators for requests that add new users via e107_admin/users.php.
Published: 2012-02-14T20:00:00.000Z
Updated: 2024-09-16T21:57:25.283Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2010-4757 |
vulnerable | 2026-06-08 04:56:30.646044 |
Details available
Cross-site scripting (XSS) vulnerability in submitnews.php in e107 before 0.7.23 allows remote attackers to inject arbitrary web script or HTML via the submitnews_title parameter, a different vector than CVE-2008-6208. NOTE: some of these details are obtained from third party information. NOTE: this might be the same as CVE-2009-4083.1 or CVE-2011-0457.
Published: 2011-03-15T17:00:00.000Z
Updated: 2024-08-07T03:55:35.086Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2010-2099 |
vulnerable | 2026-06-08 04:54:11.656425 |
Details available
bbcode/php.bb in e107 0.7.20 and earlier does not perform access control checks for all inputs that could contain the php bbcode tag, which allows remote attackers to execute arbitrary PHP code, as demonstrated using the toEmail method in contact.php, related to invocations of the toHTML method.
Published: 2010-05-27T22:00:00.000Z
Updated: 2024-09-17T04:19:20.144Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2010-2098 |
vulnerable | 2026-06-08 04:54:11.654610 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2010-0996 |
vulnerable | 2026-06-08 04:54:04.320052 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2009-4084 |
vulnerable | 2026-06-08 04:51:46.951544 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2009-4083 |
vulnerable | 2026-06-08 04:51:46.949905 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2009-3444 |
vulnerable | 2026-06-08 04:51:41.991663 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2009-1409 |
vulnerable | 2026-06-08 04:51:22.786950 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2006-4757 |
vulnerable | 2026-06-08 04:49:18.723220 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2006-3259 |
vulnerable | 2026-06-08 04:49:08.734556 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2006-2416 |
vulnerable | 2026-06-08 04:49:06.567565 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2004-2261 |
not_vulnerable | 2026-06-08 04:48:09.028084 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2004-2031 |
vulnerable | 2026-06-08 04:48:08.355201 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2004-2028 |
vulnerable | 2026-06-08 04:48:08.350145 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.