CVSS: 6.1EPSS: 6%CPEs: 47EXPL: 4CVE-2006-3259 – e107 0.7.5 - 'search.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-3259
27 Jun 2006 — Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the (1) ep parameter to search.php and the (2) subject parameter in comment.php (aka the Subject field when posting a comment). Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en e107 v0.7.5, permiten a atacantes remotos inyectar secuencias de comandos Web o HTML de su elección a través de (1) el parámetro ep en search.php y (2) el par... • https://www.exploit-db.com/exploits/28063 •
CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 0CVE-2006-2416
https://notcve.org/view.php?id=CVE-2006-2416
16 May 2006 — SQL injection vulnerability in class2.php in e107 0.7.2 and earlier allows remote attackers to execute arbitrary SQL commands via a cookie as defined in $pref['cookie_name']. • http://secunia.com/advisories/20089 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 45EXPL: 0CVE-2006-0682
https://notcve.org/view.php?id=CVE-2006-0682
15 Feb 2006 — Multiple cross-site scripting (XSS) vulnerabilities in bbcodes system in e107 before 0.7.2 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors. • http://e107.org/comment.php?comment.news.776 •
CVSS: 9.8EPSS: 21%CPEs: 1EXPL: 2CVE-2004-2262 – e107 - 'include()' Remote File Upload
https://notcve.org/view.php?id=CVE-2004-2262
31 Dec 2004 — ImageManager in e107 before 0.617 does not properly check the types of uploaded files, which allows remote attackers to execute arbitrary code by uploading a PHP file via the upload parameter to images.php. • https://www.exploit-db.com/exploits/704 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.1EPSS: 0%CPEs: 11EXPL: 1CVE-2004-2028 – e107 Website System 0.5/0.6 - 'Log.php' HTML Injection
https://notcve.org/view.php?id=CVE-2004-2028
21 May 2004 — Cross-site scripting (XSS) vulnerability in stats.php in e107 allows remote attackers to inject arbitrary web script or HTML via the referer parameter to log.php. • https://www.exploit-db.com/exploits/24138 •