CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 0CVE-2011-4921
https://notcve.org/view.php?id=CVE-2011-4921
SQL injection vulnerability in usersettings.php in e107 0.7.26, and possibly other versions before 1.0.0, allows remote attackers to execute arbitrary SQL commands via the username parameter. Vulnerabilida de inyección SQL en usersettings.php en e107 v0.7.26 y posiblemente otras versiones anteriores a 1.0.0, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro username. • http://osvdb.org/78050 http://secunia.com/advisories/46706 http://www.openwall.com/lists/oss-security/2012/01/04/3 http://www.securityfocus.com/bid/51253 https://exchange.xforce.ibmcloud.com/vulnerabilities/72011 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2011-4920
https://notcve.org/view.php?id=CVE-2011-4920
Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.26, and other versions before 1.0.0, allow remote attackers to inject arbitrary web script or HTML via the URL to (1) e107_images/thumb.php or (2) rate.php, (3) resend_name parameter to e107_admin/users.php, and (4) link BBCode in user signatures. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en e107 v0.7.26 y otras versiones anteriores a v1.0.0, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de la URL en (1) e107_images/thumb.php o (2) rate.php, (3) el parámetro resend_name en e107_admin/users.php, y (4) link BBCode en user signatures. • http://osvdb.org/78047 http://osvdb.org/78048 http://osvdb.org/78049 http://secunia.com/advisories/46706 http://www.openwall.com/lists/oss-security/2012/01/04/3 http://www.securityfocus.com/bid/51253 https://exchange.xforce.ibmcloud.com/vulnerabilities/72010 https://exchange.xforce.ibmcloud.com/vulnerabilities/72104 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 59EXPL: 3CVE-2011-1513 – e107 0.7.24 - 'cmd' Remote Command Execution
https://notcve.org/view.php?id=CVE-2011-1513
Static code injection vulnerability in install_.php in e107 CMS 0.7.24 and probably earlier versions, when the installation script is not removed, allows remote attackers to inject arbitrary PHP code into e107_config.php via a crafted MySQL server name. Vulnerabilidad de inyección de código estático en install_.php en e107 CMS v0.7.24 y probablemente también en versiones anteriores, cuando el script de instalación no se elimina, permite a atacantes remotos inyectar código PHP de su elección en e107_config.php a través de un nombre de servidor MySQL modificado. • https://www.exploit-db.com/exploits/36252 http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.8/install_.php?r1=11931&r2=12376&pathrev=12376 http://www.coresecurity.com/content/e107-cms-script-command-injection http://www.securityfocus.com/bid/50339 https://exchange.xforce.ibmcloud.com/vulnerabilities/70921 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 4.3EPSS: 0%CPEs: 65EXPL: 1CVE-2010-4757
https://notcve.org/view.php?id=CVE-2010-4757
Cross-site scripting (XSS) vulnerability in submitnews.php in e107 before 0.7.23 allows remote attackers to inject arbitrary web script or HTML via the submitnews_title parameter, a different vector than CVE-2008-6208. NOTE: some of these details are obtained from third party information. NOTE: this might be the same as CVE-2009-4083.1 or CVE-2011-0457. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en submitnews.php de e107 en versiones anteriores a la 0.7.23 permite a atacantes remotos inyectar codigo de script web o código HTML de su elección a través del parámetro submitnews_title. Un vector diferente al del CVE-2008-6208. • http://e107.org/comment.php?comment.news.872 http://e107.org/svn_changelog.php?version=0.7.23 http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.7/e107_admin/newspost.php?r1=11655&r2=11654&pathrev=11655 http://securitytracker.com/id?1024351 http://www.madirish.net/? • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 65EXPL: 0CVE-2011-0457
https://notcve.org/view.php?id=CVE-2011-0457
Cross-site scripting (XSS) vulnerability in e107 0.7.22 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en e107 0.7.22 y versiones anteriores permite a atacantes remotos inyectar codigo de script web o código HTML de su elección a través de vectores sin especificar. • http://e107.org/comment.php?comment.news.872 http://e107.org/svn_changelog.php?version=0.7.23 http://jvn.jp/en/jp/JVN01635457/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •