📦 E107

CVE-2022-50939 is a critical file upload vulnerability in e107 CMS version 3.2.1 that allows authenticated administrators to overwrite arbitrary server files through path traversal. Attackers with adm...

CVE-2022-50916 is a file upload vulnerability in e107 CMS version 3.2.1 that allows authenticated administrators to overwrite server files through Media Manager import functionality. Attackers can man...

This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in e107 CMS versions through 2.3.0. The usersettings.php file lacks proper e_TOKEN protection, allowing attackers to trick authenti...