e107: Security Vulnerabilities, CVEs, CVSS score >= 8
usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protection mechanism.
Max CVSS: 8.8 | EPSS Score: 2.50% | Published: 2021-03-02 | Updated: 2021-03-18
e107 2.1.8 has CSRF in 'usersettings.php' with an impact of changing details such as passwords of users including administrators.
Max CVSS: 8.8 | EPSS Score: 0.18% | Published: 2018-08-28 | Updated: 2018-11-02
e107 2.1.2 allows PHP Object Injection with resultant SQL injection, because usersettings.php uses unserialize without an HMAC.
Max CVSS: 8.8 | EPSS Score: 0.10% | Published: 2019-05-24 | Updated: 2019-05-29
PHP remote file inclusion vulnerability in 123flashchat.php in the 123 Flash Chat 6.8.0 module for e107, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the e107path parameter.
Max CVSS: 10.0 | EPSS Score: 2.19% | Published: 2008-04-27 | Updated: 2017-09-29
4 vulnerabilities found