Page 5 of 25 results (0.037 seconds)

CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0

forum_post.php in e107 0.6 allows remote attackers to post to non-existent forums by modifying the forum number. • http://marc.info/?l=bugtraq&m=112544896117131&w=2 http://www.securityfocus.com/bid/14699 https://exchange.xforce.ibmcloud.com/vulnerabilities/22059 •

CVSS: 4.3EPSS: 0%CPEs: 37EXPL: 2

Cross-site scripting (XSS) vulnerability in e107 0.617 and earlier allows remote attackers to inject arbitrary web script or HTML via nested [url] BBCode tags. Vulnerabilidad de secuencia de comandos en sitios cruzados en e107 0.617 y anteriores permite que atacantes remotos inyecten script web arbitrario o HTML mediante tags anidadas " [URL]BBCode". • https://www.exploit-db.com/exploits/1106 http://securitytracker.com/id?1014513 •

CVSS: 7.5EPSS: 5%CPEs: 1EXPL: 2

ImageManager in e107 before 0.617 does not properly check the types of uploaded files, which allows remote attackers to execute arbitrary code by uploading a PHP file via the upload parameter to images.php. • https://www.exploit-db.com/exploits/704 http://e107.org/comment.php?comment.news.672 http://secunia.com/advisories/13657 http://securitytracker.com/id?1012657 http://www.osvdb.org/12586 http://www.securityfocus.com/bid/12111 https://exchange.xforce.ibmcloud.com/vulnerabilities/18670 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 5

Multiple SQL injection vulnerabilities in e107 0.615 allow remote attackers to inject arbitrary SQL code and gain sensitive information via (1) content parameter to content.php, (2) content_id parameter to content.php, or (3) list parameter to news.php. • http://marc.info/?l=bugtraq&m=108588043007224&w=2 http://marc.info/?l=full-disclosure&m=108586723116427&w=2 http://secunia.com/advisories/11740 http://www.osvdb.org/6531 http://www.osvdb.org/6532 http://www.osvdb.org/6533 http://www.securityfocus.com/bid/10436 http://www.waraxe.us/index.php?modname=sa&id=31 https://exchange.xforce.ibmcloud.com/vulnerabilities/16283 •

CVSS: 4.3EPSS: 1%CPEs: 11EXPL: 2

Cross-site scripting (XSS) vulnerability in user.php in e107 allows remote attackers to inject arbitrary web script or HTML via the (1) URL, (2) MSN, or (3) AIM fields. • http://marc.info/?l=bugtraq&m=108541119526279&w=2 http://secunia.com/advisories/11696 http://www.osvdb.org/6410 http://www.securityfocus.com/bid/10405 https://exchange.xforce.ibmcloud.com/vulnerabilities/16241 •