Login Sign Up

CVE-2022-50916

7.2 HIGH

📋 TL;DR

CVE-2022-50916 is a file upload vulnerability in e107 CMS version 3.2.1 that allows authenticated administrators to overwrite server files through Media Manager import functionality. Attackers can manipulate upload parameters to replace critical web application files like top.php. This affects all e107 CMS 3.2.1 installations with administrator accounts.

💻 Affected Systems

Products:
  • e107 CMS
Versions: 3.2.1
Operating Systems: all
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated administrator access to exploit. All installations with default Media Manager configuration are vulnerable.

📦 What is this software?

E107 by E107

View all CVEs affecting E107 →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete server compromise through arbitrary file overwrite leading to remote code execution, data theft, or website defacement.

🟠

Likely Case

Website defacement, data manipulation, or limited file system access through overwriting web application files.

🟢

If Mitigated

Limited impact if proper file permissions and input validation are in place, though file overwrite may still occur.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires administrator credentials. Public exploit code available on Exploit-DB (ID 50910).

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.2.2

Vendor Advisory: https://e107.org/

Restart Required: No

Instructions:

1. Backup current installation. 2. Download e107 CMS 3.2.2 from official site. 3. Replace vulnerable files with patched version. 4. Verify Media Manager functionality.

🔧 Temporary Workarounds

Disable Media Manager Import

all

Temporarily disable the Media Manager import functionality to prevent exploitation.

# Edit e107 configuration to disable Media Manager import

Restrict File Permissions

linux

Set web directory files to read-only for web server user.

chmod 444 /path/to/e107/web/files/*.php

🧯 If You Can't Patch

  • Implement strict access controls on administrator accounts with MFA
  • Monitor file system changes in web directories and alert on unauthorized modifications

🔍 How to Verify

Check if Vulnerable:

Check e107 version in admin panel or via version.php file. If version is 3.2.1, system is vulnerable.

Check Version:

grep -r "e107_version" /path/to/e107/install/

Verify Fix Applied:

Verify version is 3.2.2 or higher. Test Media Manager import with malicious payloads to confirm rejection.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads via Media Manager
  • Multiple failed import attempts
  • File modification timestamps on critical PHP files

Network Indicators:

  • POST requests to /e107_admin/media_manager.php with manipulated parameters

SIEM Query:

source="web_logs" AND uri="/e107_admin/media_manager.php" AND method="POST" AND (param="upload_url" OR param="import_url")

📊 Metadata

CVE ID: CVE-2022-50916
CVSS v3 Score: 7.2 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-434
EPSS Score: 0.09% exploit probability (25.3th percentile)
Published: January 13, 2026
Last Updated: January 16, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-50916, you might also want to check these:

CVE-2024-52490 10.0

This vulnerability allows attackers to upload arbitrary files, including web shells, to Pathomation ...

Same vulnerability type (CWE-434)
CVE-2024-43160 10.0

CVE-2024-43160 is an unauthenticated arbitrary file upload vulnerability in the BerqWP WordPress plu...

Same vulnerability type (CWE-434)
CVE-2024-8940 10.0

CVE-2024-8940 is a critical unrestricted file upload vulnerability in Scriptcase version 9.4.019 tha...

Same vulnerability type (CWE-434)