Shodan
Vulnerabilities
Vulnerable Software
E107:  >> E107  >> 2.1.9  Security Vulnerabilities
CVE-2021-27885
usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protection mechanism.
CVSS Score
8.8
EPSS Score
0.003
Published
2021-03-02
CVE-2018-17423
An issue was discovered in e107 v2.1.9. There is a XSS attack on e107_admin/comment.php.
CVSS Score
4.8
EPSS Score
0.002
Published
2019-06-19
CVE-2018-17081
e107 2.1.9 allows CSRF via e107_admin/wmessage.php?mode=&action=inline&ajax_used=1&id= for changing the title of an arbitrary page.
CVSS Score
4.3
EPSS Score
0.002
Published
2018-09-26
CVE-2008-6466
SQL injection vulnerability in image_gallery.php in the Akira Powered Image Gallery (image_gallery) plugin 0.9.6.2 for e107 allows remote attackers to execute arbitrary SQL commands via the image parameter in an image-detail action.
CVSS Score
7.5
EPSS Score
0.001
Published
2009-03-13
CVE-2008-6438
SQL injection vulnerability in macgurublog_menu/macgurublog.php in the MacGuru BLOG Engine plugin 2.2 for e107 allows remote attackers to execute arbitrary SQL commands via the uid parameter, a different vector than CVE-2008-2455. NOTE: it was later reported that 2.1.4 is also affected.
CVSS Score
7.5
EPSS Score
0.015
Published
2009-03-06
CVE-2008-6114
SQL injection vulnerability in product_details.php in the Mytipper Zogo-shop 1.15.4 plugin for e107 allows remote attackers to execute arbitrary SQL commands via the product parameter.
CVSS Score
7.5
EPSS Score
0.002
Published
2009-02-11
CVE-2008-6069
SQL injection vulnerability in e107chat.php in the eChat plugin 4.2 for e107, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the nick parameter.
CVSS Score
6.8
EPSS Score
0.004
Published
2009-02-10
CVE-2008-4906
SQL injection vulnerability in lyrics_song.php in the Lyrics (lyrics_menu) plugin 0.42 for e107 allows remote attackers to execute arbitrary SQL commands via the l_id parameter. NOTE: some of these details are obtained from third party information.
CVSS Score
7.5
EPSS Score
0.004
Published
2008-11-04
CVE-2008-4785
SQL injection vulnerability in newuser.php in the alternate_profiles plugin, possibly 0.2, for e107 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVSS Score
7.5
EPSS Score
0.001
Published
2008-10-29
CVE-2008-4786
SQL injection vulnerability in easyshop.php in the EasyShop plugin for e107 allows remote attackers to execute arbitrary SQL commands via the category_id parameter.
CVSS Score
7.5
EPSS Score
0.001
Published
2008-10-29


Products
Pricing
Contact Us

Shodan ® - All rights reserved