Page 2 of 8 results (0.002 seconds)

CVSS: 6.5EPSS: 0%CPEs: 56EXPL: 2

SQL injection vulnerability in usersettings.php in e107 0.7.13 and earlier allows remote authenticated users to execute arbitrary SQL commands via the ue[] parameter. Vulnerabilidad de inyección SQL en el archivo usersettings.php en e107 0.7.13 y versiones anteriores, permite a los usuarios remotos autentificados ejecutar arbitrariamente comandos SQL a través del parámetro ue[]. • https://www.exploit-db.com/exploits/6791 http://secunia.com/advisories/32322 http://securityreason.com/securityalert/4683 http://www.securityfocus.com/bid/31821 http://www.vupen.com/english/advisories/2008/2860 https://exchange.xforce.ibmcloud.com/vulnerabilities/45967 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 4.3EPSS: 0%CPEs: 45EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in bbcodes system in e107 before 0.7.2 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors. • http://e107.org/comment.php?comment.news.776 http://secunia.com/advisories/18816 http://www.securityfocus.com/bid/16614 http://www.vupen.com/english/advisories/2006/0540 https://exchange.xforce.ibmcloud.com/vulnerabilities/24625 •

CVSS: 4.3EPSS: 0%CPEs: 37EXPL: 2

Cross-site scripting (XSS) vulnerability in e107 0.617 and earlier allows remote attackers to inject arbitrary web script or HTML via nested [url] BBCode tags. Vulnerabilidad de secuencia de comandos en sitios cruzados en e107 0.617 y anteriores permite que atacantes remotos inyecten script web arbitrario o HTML mediante tags anidadas " [URL]BBCode". • https://www.exploit-db.com/exploits/1106 http://securitytracker.com/id?1014513 •