E107: Security Vulnerabilities
Multiple SQL injection vulnerabilities in e107 0.615 allow remote attackers to inject arbitrary SQL code and gain sensitive information via (1) content parameter to content.php, (2) content_id parameter to content.php, or (3) list parameter to news.php.
CVSS Score
7.5
EPSS Score
0.033
Published
2004-05-29
Cross-site scripting (XSS) vulnerability in stats.php in e107 allows remote attackers to inject arbitrary web script or HTML via the referer parameter to log.php.
CVSS Score
4.3
EPSS Score
0.007
Published
2004-05-21
Cross-site scripting (XSS) vulnerability in user.php in e107 allows remote attackers to inject arbitrary web script or HTML via the (1) URL, (2) MSN, or (3) AIM fields.
CVSS Score
4.3
EPSS Score
0.006
Published
2004-05-21
chatbox.php in e107 0.554 and 0.603 allows remote attackers to cause a denial of service (pages fail to load) via HTML in the Name field, which prevents the main.php form from being loaded.
CVSS Score
5.0
EPSS Score
0.052
Published
2003-10-29
Page 9