Shodan
Vulnerabilities
Vulnerable Software
E107:  >> E107  >> 2.1.8  Security Vulnerabilities
CVE-2021-27885
usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protection mechanism.
CVSS Score
8.8
EPSS Score
0.003
Published
2021-03-02
CVE-2018-16388
e107_web/js/plupload/upload.php in e107 2.1.8 allows remote attackers to execute arbitrary PHP code by uploading a .php filename with the image/jpeg content type.
CVSS Score
7.2
EPSS Score
0.008
Published
2018-09-12
CVE-2018-16389
e107_admin/banlist.php in e107 2.1.8 allows SQL injection via the old_ip parameter.
CVSS Score
6.5
EPSS Score
0.003
Published
2018-09-12
CVE-2018-16381
e107 2.1.8 has XSS via the e107_admin/users.php?mode=main&action=list user_loginname parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-09-05
CVE-2018-15901
e107 2.1.8 has CSRF in 'usersettings.php' with an impact of changing details such as passwords of users including administrators.
CVSS Score
8.8
EPSS Score
0.001
Published
2018-08-28
CVE-2008-6466
SQL injection vulnerability in image_gallery.php in the Akira Powered Image Gallery (image_gallery) plugin 0.9.6.2 for e107 allows remote attackers to execute arbitrary SQL commands via the image parameter in an image-detail action.
CVSS Score
7.5
EPSS Score
0.001
Published
2009-03-13
CVE-2008-6438
SQL injection vulnerability in macgurublog_menu/macgurublog.php in the MacGuru BLOG Engine plugin 2.2 for e107 allows remote attackers to execute arbitrary SQL commands via the uid parameter, a different vector than CVE-2008-2455. NOTE: it was later reported that 2.1.4 is also affected.
CVSS Score
7.5
EPSS Score
0.015
Published
2009-03-06
CVE-2008-6114
SQL injection vulnerability in product_details.php in the Mytipper Zogo-shop 1.15.4 plugin for e107 allows remote attackers to execute arbitrary SQL commands via the product parameter.
CVSS Score
7.5
EPSS Score
0.002
Published
2009-02-11
CVE-2008-6069
SQL injection vulnerability in e107chat.php in the eChat plugin 4.2 for e107, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the nick parameter.
CVSS Score
6.8
EPSS Score
0.004
Published
2009-02-10
CVE-2008-4906
SQL injection vulnerability in lyrics_song.php in the Lyrics (lyrics_menu) plugin 0.42 for e107 allows remote attackers to execute arbitrary SQL commands via the l_id parameter. NOTE: some of these details are obtained from third party information.
CVSS Score
7.5
EPSS Score
0.004
Published
2008-11-04


Products
Pricing
Contact Us

Shodan ® - All rights reserved