Filtered by vendor E107
Subscriptions
Total
84 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-11127 | 1 E107 | 1 E107 | 2024-11-21 | N/A |
| e107 2.1.7 has CSRF resulting in arbitrary user deletion. | ||||
| CVE-2017-8098 | 1 E107 | 1 E107 | 2024-11-21 | N/A |
| e107 2.1.4 is vulnerable to cross-site request forgery in plugin-installing, meta-changing, and settings-changing. A malicious web page can use forged requests to make e107 download and install a plug-in provided by the attacker. | ||||
| CVE-2016-10753 | 1 E107 | 1 E107 | 2024-11-21 | N/A |
| e107 2.1.2 allows PHP Object Injection with resultant SQL injection, because usersettings.php uses unserialize without an HMAC. | ||||
| CVE-2016-10378 | 1 E107 | 1 E107 | 2024-11-21 | N/A |
| e107 2.1.1 allows SQL injection by remote authenticated administrators via the pagelist parameter to e107_admin/menus.php, related to the menuSaveVisibility function. | ||||