Shodan
Vulnerabilities
Vulnerable Software
E107:  >> E107  >> 0.545  Security Vulnerabilities
CVE-2009-1409
SQL injection vulnerability in usersettings.php in e107 0.7.15 and earlier, when "Extended User Fields" is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the hide parameter, a different vector than CVE-2005-4224 and CVE-2008-5320.
CVSS Score
5.1
EPSS Score
0.005
Published
2009-04-24
CVE-2006-4757
Multiple SQL injection vulnerabilities in the admin section in e107 0.7.5 allow remote authenticated administrative users to execute arbitrary SQL commands via the (1) linkopentype, (2) linkrender, (3) link_class, and (4) link_id parameters in (a) links.php; the (5) searchquery parameter in (b) users.php; and the (6) download_category_class parameter in (c) download.php. NOTE: an e107 developer has disputed the significance of the vulnerability, stating that "If your admins are injecting you, you might want to reconsider their access."
CVSS Score
4.6
EPSS Score
0.004
Published
2006-09-13
CVE-2006-3259
Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the (1) ep parameter to search.php and the (2) subject parameter in comment.php (aka the Subject field when posting a comment).
CVSS Score
4.3
EPSS Score
0.062
Published
2006-06-27
CVE-2006-2416
SQL injection vulnerability in class2.php in e107 0.7.2 and earlier allows remote attackers to execute arbitrary SQL commands via a cookie as defined in $pref['cookie_name'].
CVSS Score
5.1
EPSS Score
0.008
Published
2006-05-16
CVE-2004-2261
Cross-site scripting (XSS) vulnerability in e107 allows remote attackers to inject arbitrary script or HTML via the "login name/author" field in the (1) news submit or (2) article submit functions.
CVSS Score
4.3
EPSS Score
0.005
Published
2004-12-31
CVE-2004-2028
Cross-site scripting (XSS) vulnerability in stats.php in e107 allows remote attackers to inject arbitrary web script or HTML via the referer parameter to log.php.
CVSS Score
4.3
EPSS Score
0.007
Published
2004-05-21
CVE-2004-2031
Cross-site scripting (XSS) vulnerability in user.php in e107 allows remote attackers to inject arbitrary web script or HTML via the (1) URL, (2) MSN, or (3) AIM fields.
CVSS Score
4.3
EPSS Score
0.006
Published
2004-05-21
CVE-2003-1191
chatbox.php in e107 0.554 and 0.603 allows remote attackers to cause a denial of service (pages fail to load) via HTML in the Name field, which prevents the main.php form from being loaded.
CVSS Score
5.0
EPSS Score
0.052
Published
2003-10-29


Products
Pricing
Contact Us

Shodan ® - All rights reserved