doping.php in ePing plugin 1.02 and earlier for e107 portal allows remote attackers to execute arbitrary code or overwrite files via (1) shell metacharacters in the eping_count parameter or (2) restricted shell metacharacters such as ">" and "&" in the eping_host parameter, which is not handled by the validation function.
CVSS Score
7.5
EPSS Score
0.018
Published
2005-08-16
Cross-site scripting (XSS) vulnerability in e107 0.617 and earlier allows remote attackers to inject arbitrary web script or HTML via nested [url] BBCode tags.
CVSS Score
4.3
EPSS Score
0.004
Published
2005-07-20
The eping_validaddr function in functions.php for the ePing plugin for e107 portal allows remote attackers to execute arbitrary commands via shell metacharacters after a valid argument to the eping_host parameter.
CVSS Score
7.5
EPSS Score
0.01
Published
2005-06-16
ImageManager in e107 before 0.617 does not properly check the types of uploaded files, which allows remote attackers to execute arbitrary code by uploading a PHP file via the upload parameter to images.php.
CVSS Score
7.5
EPSS Score
0.219
Published
2004-12-31
Page 4