Month Of PHP Security - It was discovered that access control to the [php] bbcode which allows executing PHP code is wrongly implemented in e107. This allows unauthenticated users to execute arbitrary PHP code easily. e107 versions 0.7.20 and below are affected.
9e5e13070e5b1bbb208fabf81b566739464738bffb9c5bb3ff0a0421519c348ee107 Articulate third party module version 1.1.1 suffers from an unauthenticated remote shell upload vulnerability.
41b99ecb1b11992f69a368336dd53421e432b6e6aac49f238f066819b66025b8Secunia Security Advisory - Sammy Forgit has discovered a vulnerability in the Hupsi Fancybox plugin for e107, which can be exploited by malicious people to compromise a vulnerable system.
6cfc82c0fad5255ca4a775def21abbb0284c94f969f78bb4c9e74c278071bb04Secunia Security Advisory - Sammy Forgit has discovered a vulnerability in the Image Gallery plugin for e107, which can be exploited by malicious people to disclose sensitive information.
8844044c709b6aa30cceecfcf055bfab2dc631c21079f4dfb392028bb40b5fbcSecunia Security Advisory - Sammy Forgit has discovered a vulnerability in the Hupsi Share plugin for e107, which can be exploited by malicious people to compromise a vulnerable system.
8e5af64f12f009a6bc1b98e4e9576c9bfcec55804ea4f0c0eda69328d00cb3b2Secunia Security Advisory - Sammy Forgit has discovered a vulnerability in the Radio Plan plugin for e107, which can be exploited by malicious people to compromise a vulnerable system.
367b1b05199a61222994c7aa0e728fb0b7facdec1917b462518370074fd70c36Secunia Security Advisory - Sammy Forgit has discovered a vulnerability in the Hupsis Media Gallery plugin for e107, which can be exploited by malicious people to compromise a vulnerable system.
0f534606c652b216373d194d699760fa24a172649e214b3231608827d0479546e107 Tap plugin version 2.0 suffers from a remote shell upload vulnerability.
16d450b6820569c25505641914654435ddd38724cabde859aebdd200c217525be107 Radio Plan plugin version 2.06 suffers from a remote shell upload vulnerability.
5220d8a9f509f1a911a75ce3797603c70b92f27bd86d8e23024038f88f0290cae107 Hupsi Share plugin version 1.00 suffers from a remote shell upload vulnerability.
01edcafd988a763a0655922e61b5d35515bc3ba601616b9aca3fb8f4ed687449e107 Image Gallery plugin version 0.9.7.1 suffers from a remote file disclosure vulnerability.
1f7d952a66337a9793777b6c5584a8fced88cabd97560d6834e5f3fd3fb3029ee107 Hupsi Media Gallery plugin version 1.0 suffers from a remote shell upload vulnerability.
cf798872e71c9fa0094aa28aab7cb5fe4bb92f07513ffad6e92a20748e2682d9e107 Hupsi Fancybox plugin version 1.0.4 suffers from a remote shell upload vulnerability.
727a4c7d0667d51fdc6d9063229dfbd1e7e1bb30b5ff957fb971eb33023c1113e107 Filemanager plugin version 1.0 suffers from a remote shell upload vulnerability.
1d93b23a1ed5130b4f2f0502a0ad4874fa5922b73334e7298c15b985733e50fee107 FileDownload plugin version 1.1 suffers from shell upload and file disclosure vulnerabilities.
4c9eeefd5a414c20c21f82970080248e3086771b1fd32ec3268620ead5403a56e107 suffers from a cross site scripting vulnerability in the registration page.
711a1942ca5606e2c2803b63fcc66ee6109cee7ab973f852fe41a6812590e6edThe Flexicontent component in E107 version 1.0.0 suffers from a remote SQL injection vulnerability.
415819e480c87949196e8660c90b6a6e0bf85fc7176806049bb428ec4a657981Secunia Security Advisory - mghack has discovered multiple vulnerabilities in e107, which can be exploited by malicious users to conduct script insertion and SQL injection attacks and by malicious people to conduct cross-site scripting attacks.
c482e45f6fdd9faa612e29b97ed32928d834721b371e24055f9a2ebf57296b54The jbShop e107 CMS plugin suffers from a remote SQL injection vulnerability.
c0aff325677050d5fa03cbcb44ff7ed0d4e714a4e227985f64f00e822428c3f0Core Security Technologies Advisory - When the install script for e107 CMS has not been removed, an attacker can "reinstall" the application using arbitrary parameters. If the attacker puts a valid MySql server followed a semicolon and PHP code, this will be executed when the config file gets requested. This parameters are stored in the config file "e107_config.php". Version 0.7.24 is affected.
f1aa6364a9b7aec87affa0e57cc0ec5d09d69d9a12a32fe5e884c8288d964039Sites by Pranian Group e107 suffer from a cross site scripting vulnerability.
680173c283307c88ebbba71e37e334f42cdc43c16d2af28997adac77fc40f59ae107 version 0.7.25 suffers from cross site scripting and remote SQL injection vulnerabilities.
508e2264de222779d99c876535fa46cd425719bf284a3b07ccab07ccbe1fd70dSecunia Security Advisory - High-Tech Bridge SA has discovered a vulnerability in e107, which can be exploited by malicious users to conduct SQL injection attacks.
6d185a8b7325a6e13da628f62531b50827d7cf3b20e8a97c75cb335faec2cf8be107 version 0.7.25_full suffers from a remote blind SQL injection vulnerability.
565bc858f68b00d983477864c5e7d9ecd2b132beb2a8124f1dc53dbf30e06c17e107 version 0.7.25_full suffers from cross site scripting and remote file inclusion vulnerabilities.
a1009de0e9d35d4684ddf711c669b7f6adc01cfdf2acabcd1c1311d4efad15bbSecunia Security Advisory - Autosec Tools has discovered a vulnerability in e107, which can be exploited by malicious people to conduct cross-site request forgery attacks.
b9709751ccc86dcf65cf0a4f0cecb882db9a6c34230293c065236fe573d8b0e0
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed