Shodan
Vulnerabilities
Vulnerable Software
E107:  >> E107  >> 2.1.1  Security Vulnerabilities
CVE-2021-27885
usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protection mechanism.
CVSS Score
8.8
EPSS Score
0.003
Published
2021-03-02
CVE-2016-10378
e107 2.1.1 allows SQL injection by remote authenticated administrators via the pagelist parameter to e107_admin/menus.php, related to the menuSaveVisibility function.
CVSS Score
7.2
EPSS Score
0.005
Published
2017-05-29
CVE-2008-6466
SQL injection vulnerability in image_gallery.php in the Akira Powered Image Gallery (image_gallery) plugin 0.9.6.2 for e107 allows remote attackers to execute arbitrary SQL commands via the image parameter in an image-detail action.
CVSS Score
7.5
EPSS Score
0.001
Published
2009-03-13
CVE-2008-6438
SQL injection vulnerability in macgurublog_menu/macgurublog.php in the MacGuru BLOG Engine plugin 2.2 for e107 allows remote attackers to execute arbitrary SQL commands via the uid parameter, a different vector than CVE-2008-2455. NOTE: it was later reported that 2.1.4 is also affected.
CVSS Score
7.5
EPSS Score
0.015
Published
2009-03-06
CVE-2008-6114
SQL injection vulnerability in product_details.php in the Mytipper Zogo-shop 1.15.4 plugin for e107 allows remote attackers to execute arbitrary SQL commands via the product parameter.
CVSS Score
7.5
EPSS Score
0.002
Published
2009-02-11
CVE-2008-6069
SQL injection vulnerability in e107chat.php in the eChat plugin 4.2 for e107, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the nick parameter.
CVSS Score
6.8
EPSS Score
0.004
Published
2009-02-10
CVE-2008-4906
SQL injection vulnerability in lyrics_song.php in the Lyrics (lyrics_menu) plugin 0.42 for e107 allows remote attackers to execute arbitrary SQL commands via the l_id parameter. NOTE: some of these details are obtained from third party information.
CVSS Score
7.5
EPSS Score
0.004
Published
2008-11-04
CVE-2008-4785
SQL injection vulnerability in newuser.php in the alternate_profiles plugin, possibly 0.2, for e107 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVSS Score
7.5
EPSS Score
0.001
Published
2008-10-29
CVE-2008-4786
SQL injection vulnerability in easyshop.php in the EasyShop plugin for e107 allows remote attackers to execute arbitrary SQL commands via the category_id parameter.
CVSS Score
7.5
EPSS Score
0.001
Published
2008-10-29
CVE-2008-1989
PHP remote file inclusion vulnerability in 123flashchat.php in the 123 Flash Chat 6.8.0 module for e107, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the e107path parameter.
CVSS Score
10.0
EPSS Score
0.018
Published
2008-04-27


Products
Pricing
Contact Us

Shodan ® - All rights reserved