Shodan
Vulnerabilities
Vulnerable Software
E107:  Security Vulnerabilities
CVE-2005-2805
forum_post.php in e107 0.6 allows remote attackers to post to non-existent forums by modifying the forum number.
CVSS Score
5.0
EPSS Score
0.004
Published
2005-09-06
CVE-2005-2559
doping.php in ePing plugin 1.02 and earlier for e107 portal allows remote attackers to execute arbitrary code or overwrite files via (1) shell metacharacters in the eping_count parameter or (2) restricted shell metacharacters such as ">" and "&" in the eping_host parameter, which is not handled by the validation function.
CVSS Score
7.5
EPSS Score
0.018
Published
2005-08-16
CVE-2005-2327
Cross-site scripting (XSS) vulnerability in e107 0.617 and earlier allows remote attackers to inject arbitrary web script or HTML via nested [url] BBCode tags.
CVSS Score
4.3
EPSS Score
0.004
Published
2005-07-20
CVE-2005-1949
The eping_validaddr function in functions.php for the ePing plugin for e107 portal allows remote attackers to execute arbitrary commands via shell metacharacters after a valid argument to the eping_host parameter.
CVSS Score
7.5
EPSS Score
0.01
Published
2005-06-16
CVE-2005-1966
The eTrace_validaddr function in eTrace plugin for e107 portal allows remote attackers to execute arbitrary commands via shell metacharacters after a valid argument to the etrace_host parameter.
CVSS Score
7.5
EPSS Score
0.009
Published
2005-06-10
CVE-2004-2261
Cross-site scripting (XSS) vulnerability in e107 allows remote attackers to inject arbitrary script or HTML via the "login name/author" field in the (1) news submit or (2) article submit functions.
CVSS Score
4.3
EPSS Score
0.005
Published
2004-12-31
CVE-2004-2262
ImageManager in e107 before 0.617 does not properly check the types of uploaded files, which allows remote attackers to execute arbitrary code by uploading a PHP file via the upload parameter to images.php.
CVSS Score
7.5
EPSS Score
0.219
Published
2004-12-31
CVE-2004-2039
e107 0.615 allows remote attackers to obtain sensitive information via a direct request to (1) alt_news.php, (2) backend_menu.php, (3) clock_menu.php, (4) counter_menu.php, (5) login_menu.php, and other files, which reveal the full path in a PHP error message.
CVSS Score
5.0
EPSS Score
0.01
Published
2004-05-29
CVE-2004-2040
Multiple cross-site scripting (XSS) vulnerabilities in e107 0.615 allow remote attackers to inject arbitrary web script or HTML via the (1) LAN_407 parameter to clock_menu.php, (2) "email article to a friend" field, (3) "submit news" field, or (4) avmsg parameter to usersettings.php.
CVSS Score
4.3
EPSS Score
0.02
Published
2004-05-29
CVE-2004-2041
PHP remote file inclusion vulnerability in secure_img_render.php in e107 0.615 allows remote attackers to execute arbitrary PHP code by modifying the p parameter to reference a URL on a remote web server that contains the code.
CVSS Score
7.5
EPSS Score
0.021
Published
2004-05-29


Products
Pricing
Contact Us

Shodan ® - All rights reserved