e107 0.7.24 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by e107_plugins/pdf/e107pdf.php and certain other files.
Max CVSS
5.0
EPSS Score
0.29%
Published
2011-09-23
Updated
2012-03-13
Static code injection vulnerability in install_.php in e107 CMS 0.7.24 and probably earlier versions, when the installation script is not removed, allows remote attackers to inject arbitrary PHP code into e107_config.php via a crafted MySQL server name.
Max CVSS
7.5
EPSS Score
0.82%
Published
2011-11-04
Updated
2017-08-17
Cross-site scripting (XSS) vulnerability in e107 0.7.22 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.14%
Published
2011-03-15
Updated
2011-03-15
Cross-site scripting (XSS) vulnerability in submitnews.php in e107 before 0.7.23 allows remote attackers to inject arbitrary web script or HTML via the submitnews_title parameter, a different vector than CVE-2008-6208. NOTE: some of these details are obtained from third party information. NOTE: this might be the same as CVE-2009-4083.1 or CVE-2011-0457.
Max CVSS
4.3
EPSS Score
0.34%
Published
2011-03-15
Updated
2017-08-17
4 vulnerabilities found