Page 8 of 54 results (0.010 seconds)

CVSS: 5.1EPSS: 2%CPEs: 18EXPL: 0

SQL injection vulnerability in class2.php in e107 0.7.2 and earlier allows remote attackers to execute arbitrary SQL commands via a cookie as defined in $pref['cookie_name']. • http://secunia.com/advisories/20089 http://securityreason.com/securityalert/905 http://www.osvdb.org/25521 http://www.securityfocus.com/archive/1/433938/100/0/threaded http://www.securityfocus.com/bid/17966 http://www.vupen.com/english/advisories/2006/1802 https://exchange.xforce.ibmcloud.com/vulnerabilities/26434 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 1

Cross-site scripting (XSS) vulnerability in Chatbox Plugin 1.0 in e107 0.7.2 allows remote attackers to inject arbitrary HTML or web script via a Chatbox, as demonstrated using a SCRIPT element. • https://www.exploit-db.com/exploits/27247 http://www.securityfocus.com/archive/1/425388/100/0/threaded http://www.securityfocus.com/bid/16719 https://exchange.xforce.ibmcloud.com/vulnerabilities/24815 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 45EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in bbcodes system in e107 before 0.7.2 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors. • http://e107.org/comment.php?comment.news.776 http://secunia.com/advisories/18816 http://www.securityfocus.com/bid/16614 http://www.vupen.com/english/advisories/2006/0540 https://exchange.xforce.ibmcloud.com/vulnerabilities/24625 •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Multiple "potential" SQL injection vulnerabilities in e107 0.7 might allow remote attackers to execute arbitrary SQL commands via (1) the email, hideemail, image, realname, signature, timezone, and xupexist parameters in signup.php, (2) the content_comment, content_rating, and content_summary parameters in subcontent.php, (3) the download_category and file_demo in upload.php, and (4) the email, hideemail, user_timezone, and user_xup parameters in usersettings.php. • http://glide.stanford.edu/yichen/research/sec.pdf http://secunia.com/advisories/18023 http://www.osvdb.org/21657 http://www.osvdb.org/21658 http://www.osvdb.org/21659 http://www.osvdb.org/21660 http://www.securityfocus.com/archive/1/419280/100/0/threaded http://www.securityfocus.com/archive/1/419487/100/0/threaded http://www.vupen.com/english/advisories/2005/2861 •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1

e107 0.6174 allows remote attackers to vote multiple times for a download via repeated requests to rate.php. • http://e107.org/e107_plugins/bugtrack/bugtrack.php?1625.show http://secunia.com/advisories/17890 http://www.securityfocus.com/archive/1/418577/100/0/threaded http://www.securityfocus.com/bid/15748 •