E107 : Security Vulnerabilities, CVEs, CVSS score >= 8

CVE-2021-27885

usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protection mechanism.
Max CVSS
8.8
EPSS Score
2.50%
Published
2021-03-02
Updated
2021-03-18

CVE-2018-15901

e107 2.1.8 has CSRF in 'usersettings.php' with an impact of changing details such as passwords of users including administrators.
Max CVSS
8.8
EPSS Score
0.18%
Published
2018-08-28
Updated
2018-11-02

CVE-2016-10753

e107 2.1.2 allows PHP Object Injection with resultant SQL injection, because usersettings.php uses unserialize without an HMAC.
Max CVSS
8.8
EPSS Score
0.10%
Published
2019-05-24
Updated
2019-05-29

CVE-2008-1989

PHP remote file inclusion vulnerability in 123flashchat.php in the 123 Flash Chat 6.8.0 module for e107, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the e107path parameter.
Max CVSS
10.0
EPSS Score
2.19%
Published
2008-04-27
Updated
2017-09-29
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close