Shodan
Vulnerabilities
Vulnerable Software
E107:  Security Vulnerabilities
CVE-2013-2750
Cross-site scripting (XSS) vulnerability in e107_plugins/content/handlers/content_preset.php in e107 before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the query string.
CVSS Score
4.3
EPSS Score
0.006
Published
2014-01-22
CVE-2012-6433
Cross-site request forgery (CSRF) vulnerability in e107_admin/newspost.php in e107 1.0.1 allows remote attackers to hijack the authentication of administrators for requests that conduct XSS attacks via the news_title parameter in a create action.
CVSS Score
6.8
EPSS Score
0.003
Published
2013-01-03
CVE-2012-6434
Multiple cross-site request forgery (CSRF) vulnerabilities in e107_admin/download.php in e107 1.0.2 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the (1) download_url, (2) download_url_extended, (3) download_author_email, (4) download_author_website, (5) download_image, (6) download_thumb, (7) download_visible, or (8) download_class parameter.
CVSS Score
6.8
EPSS Score
0.002
Published
2013-01-03
CVE-2011-5186
Cross-site scripting (XSS) vulnerability in jbshop.php in the jbShop plugin for e107 7 allows remote attackers to inject arbitrary web script or HTML via the item_id parameter.
CVSS Score
4.3
EPSS Score
0.004
Published
2012-09-20
CVE-2011-4946
SQL injection vulnerability in e107_admin/users_extended.php in e107 before 0.7.26 allows remote attackers to execute arbitrary SQL commands via the user_field parameter.
CVSS Score
6.8
EPSS Score
0.008
Published
2012-08-31
CVE-2011-4947
Cross-site request forgery (CSRF) vulnerability in e107_admin/users_extended.php in e107 before 0.7.26 allows remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences via the user_include parameter.
CVSS Score
6.8
EPSS Score
0.003
Published
2012-08-31
CVE-2012-3843
Cross-site scripting (XSS) vulnerability in the registration page in e107, probably 1.0.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
4.3
EPSS Score
0.003
Published
2012-07-03
CVE-2010-5084
The cross-site request forgery (CSRF) protection mechanism in e107 before 0.7.23 uses a predictable random token based on the creation date of the administrator account, which allows remote attackers to hijack the authentication of administrators for requests that add new users via e107_admin/users.php.
CVSS Score
6.0
EPSS Score
0.001
Published
2012-02-14
CVE-2011-4920
Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.26, and other versions before 1.0.0, allow remote attackers to inject arbitrary web script or HTML via the URL to (1) e107_images/thumb.php or (2) rate.php, (3) resend_name parameter to e107_admin/users.php, and (4) link BBCode in user signatures.
CVSS Score
4.3
EPSS Score
0.005
Published
2012-01-04
CVE-2011-4921
SQL injection vulnerability in usersettings.php in e107 0.7.26, and possibly other versions before 1.0.0, allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVSS Score
5.1
EPSS Score
0.005
Published
2012-01-04


Products
Pricing
Contact Us

Shodan ® - All rights reserved