E107 : Security Vulnerabilities, CVEs, Published In 2017
e107 2.1.4 is vulnerable to cross-site request forgery in plugin-installing, meta-changing, and settings-changing. A malicious web page can use forged requests to make e107 download and install a plug-in provided by the attacker.
Max CVSS
6.5
EPSS Score
0.10%
Published
2017-04-24
Updated
2017-04-29
e107 2.1.1 allows SQL injection by remote authenticated administrators via the pagelist parameter to e107_admin/menus.php, related to the menuSaveVisibility function.
Max CVSS
7.2
EPSS Score
0.09%
Published
2017-05-29
Updated
2017-06-07
2 vulnerabilities found