Approved changes feed: RSS · Atom
cpe:2.3:a:e107:e107:0.554_beta:*:*:*:*:*:*:*
part: a version: 0.554_beta update: *
| Vendor | E107 (6c60e221-90f9-5087-a0e5-d5cd5732e6aa) |
|---|---|
| Product | E107 (35b2a9c5-556b-5efe-8f1c-6c60a2550b4c) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/e107inc/e107 |
purl2cpe | 2026-06-01 10:11:46.542163 |
pkg:sourceforge/e107 |
purl2cpe | 2026-06-01 10:11:46.542165 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2009-4084 |
vulnerable | 2026-06-08 04:51:46.951561 |
Details available
SQL injection vulnerability in the search feature in e107 0.7.16 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Published: 2009-11-27T20:45:00.000Z
Updated: 2024-08-07T06:54:08.611Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2009-4083 |
vulnerable | 2026-06-08 04:51:46.949922 |
Details available
Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.16 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) submitnews.php, (2) usersettings.php; and (3) newpost.php, (4) banlist.php, (5) banner.php, (6) cpage.php, (7) download.php, (8) users_extended.php, (9) frontpage.php, (10) links.php, and (11) mailout.php in e107_admin/. NOTE: this may overlap CVE-2004-2040 and CVE-2006-4794, but there are insufficient details to be certain.
Published: 2009-11-27T20:45:00.000Z
Updated: 2024-08-07T06:54:10.116Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2009-3444 |
vulnerable | 2026-06-08 04:51:41.992142 |
Details available
Cross-site scripting (XSS) vulnerability in email.php in e107 0.7.16 and earlier allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header in a news.1 (aka news to email) action.
Published: 2009-09-28T22:00:00.000Z
Updated: 2024-08-07T06:31:10.170Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2009-1409 |
vulnerable | 2026-06-08 04:51:22.787440 |
Details available
SQL injection vulnerability in usersettings.php in e107 0.7.15 and earlier, when "Extended User Fields" is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the hide parameter, a different vector than CVE-2005-4224 and CVE-2008-5320.
Published: 2009-04-24T14:00:00.000Z
Updated: 2024-08-07T05:13:25.517Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2008-5320 |
vulnerable | 2026-06-08 04:50:50.806187 |
Details available
SQL injection vulnerability in usersettings.php in e107 0.7.13 and earlier allows remote authenticated users to execute arbitrary SQL commands via the ue[] parameter.
Published: 2008-12-03T19:00:00.000Z
Updated: 2024-08-07T10:49:12.036Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2006-4757 |
vulnerable | 2026-06-08 04:49:18.723703 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2006-3259 |
vulnerable | 2026-06-08 04:49:08.735266 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2006-0682 |
vulnerable | 2026-06-08 04:48:54.920501 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2005-2327 |
vulnerable | 2026-06-08 04:48:28.965259 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.