Approved changes feed: RSS · Atom

cpe:2.3:a:e107:e107:0.6_15:*:*:*:*:*:*:*

part: a version: 0.6_15 update: *

VendorE107 (6c60e221-90f9-5087-a0e5-d5cd5732e6aa)
ProductE107 (35b2a9c5-556b-5efe-8f1c-6c60a2550b4c)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from purl2cpe mapping

PURL mappings

PURLSourceLast updated
pkg:github/e107inc/e107 purl2cpe 2026-06-01 10:11:46.556450
pkg:sourceforge/e107 purl2cpe 2026-06-01 10:11:46.556452

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2011-0457 vulnerable 2026-06-08 04:56:37.374194 Details available
Cross-site scripting (XSS) vulnerability in e107 0.7.22 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Published: 2011-03-15T17:00:00.000Z
Updated: 2024-09-16T22:50:48.041Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2010-5084 vulnerable 2026-06-08 04:56:32.111658 Details available
The cross-site request forgery (CSRF) protection mechanism in e107 before 0.7.23 uses a predictable random token based on the creation date of the administrator account, which allows remote attackers to hijack the authentication of administrators for requests that add new users via e107_admin/users.php.
Published: 2012-02-14T20:00:00.000Z
Updated: 2024-09-16T21:57:25.283Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2010-4757 vulnerable 2026-06-08 04:56:30.622344 Details available
Cross-site scripting (XSS) vulnerability in submitnews.php in e107 before 0.7.23 allows remote attackers to inject arbitrary web script or HTML via the submitnews_title parameter, a different vector than CVE-2008-6208. NOTE: some of these details are obtained from third party information. NOTE: this might be the same as CVE-2009-4083.1 or CVE-2011-0457.
Published: 2011-03-15T17:00:00.000Z
Updated: 2024-08-07T03:55:35.086Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2010-2099 vulnerable 2026-06-08 04:54:11.655830 Details available
bbcode/php.bb in e107 0.7.20 and earlier does not perform access control checks for all inputs that could contain the php bbcode tag, which allows remote attackers to execute arbitrary PHP code, as demonstrated using the toEmail method in contact.php, related to invocations of the toHTML method.
Published: 2010-05-27T22:00:00.000Z
Updated: 2024-09-17T04:19:20.144Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2010-2098 vulnerable 2026-06-08 04:54:11.651087 Details available
Incomplete blacklist vulnerability in usersettings.php in e107 0.7.20 and earlier allows remote attackers to conduct SQL injection attacks via the loginname parameter.
Published: 2010-05-27T22:00:00.000Z
Updated: 2024-08-07T02:17:14.504Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2009-4084 vulnerable 2026-06-08 04:51:46.951136 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2009-4083 vulnerable 2026-06-08 04:51:46.949462 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2009-3444 vulnerable 2026-06-08 04:51:41.979187 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2009-1409 vulnerable 2026-06-08 04:51:22.775564 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2006-4757 vulnerable 2026-06-08 04:49:18.718023 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2006-3259 vulnerable 2026-06-08 04:49:08.728825 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2006-2416 vulnerable 2026-06-08 04:49:06.564440 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2004-2041 not_vulnerable 2026-06-08 04:48:08.377270 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2004-2040 vulnerable 2026-06-08 04:48:08.376814 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2004-2039 vulnerable 2026-06-08 04:48:08.374424 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2004-2028 vulnerable 2026-06-08 04:48:08.347522 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.