Approved changes feed: RSS · Atom
cpe:2.3:a:e107:e107:0.6_10:*:*:*:*:*:*:*
part: a version: 0.6_10 update: *
| Vendor | E107 (6c60e221-90f9-5087-a0e5-d5cd5732e6aa) |
|---|---|
| Product | E107 (35b2a9c5-556b-5efe-8f1c-6c60a2550b4c) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/e107inc/e107 |
purl2cpe | 2026-06-01 10:11:46.548829 |
pkg:sourceforge/e107 |
purl2cpe | 2026-06-01 10:11:46.548831 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2011-0457 |
vulnerable | 2026-06-08 04:56:37.374097 |
Details available
Cross-site scripting (XSS) vulnerability in e107 0.7.22 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Published: 2011-03-15T17:00:00.000Z
Updated: 2024-09-16T22:50:48.041Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2010-5084 |
vulnerable | 2026-06-08 04:56:32.111568 |
Details available
The cross-site request forgery (CSRF) protection mechanism in e107 before 0.7.23 uses a predictable random token based on the creation date of the administrator account, which allows remote attackers to hijack the authentication of administrators for requests that add new users via e107_admin/users.php.
Published: 2012-02-14T20:00:00.000Z
Updated: 2024-09-16T21:57:25.283Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2010-4757 |
vulnerable | 2026-06-08 04:56:30.619452 |
Details available
Cross-site scripting (XSS) vulnerability in submitnews.php in e107 before 0.7.23 allows remote attackers to inject arbitrary web script or HTML via the submitnews_title parameter, a different vector than CVE-2008-6208. NOTE: some of these details are obtained from third party information. NOTE: this might be the same as CVE-2009-4083.1 or CVE-2011-0457.
Published: 2011-03-15T17:00:00.000Z
Updated: 2024-08-07T03:55:35.086Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2010-2099 |
vulnerable | 2026-06-08 04:54:11.655741 |
Details available
bbcode/php.bb in e107 0.7.20 and earlier does not perform access control checks for all inputs that could contain the php bbcode tag, which allows remote attackers to execute arbitrary PHP code, as demonstrated using the toEmail method in contact.php, related to invocations of the toHTML method.
Published: 2010-05-27T22:00:00.000Z
Updated: 2024-09-17T04:19:20.144Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2010-2098 |
vulnerable | 2026-06-08 04:54:11.648222 |
Details available
Incomplete blacklist vulnerability in usersettings.php in e107 0.7.20 and earlier allows remote attackers to conduct SQL injection attacks via the loginname parameter.
Published: 2010-05-27T22:00:00.000Z
Updated: 2024-08-07T02:17:14.504Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2009-4084 |
vulnerable | 2026-06-08 04:51:46.951053 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2009-4083 |
vulnerable | 2026-06-08 04:51:46.949372 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2009-3444 |
vulnerable | 2026-06-08 04:51:41.976676 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2009-1409 |
vulnerable | 2026-06-08 04:51:22.772877 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2006-4757 |
vulnerable | 2026-06-08 04:49:18.715417 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2006-3259 |
vulnerable | 2026-06-08 04:49:08.728722 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2006-2416 |
vulnerable | 2026-06-08 04:49:06.561920 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2004-2028 |
vulnerable | 2026-06-08 04:48:08.344980 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.