Filtered by vendor E107
Subscribe
Total
84 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-15901 | 1 E107 | 1 E107 | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| e107 2.1.8 has CSRF in 'usersettings.php' with an impact of changing details such as passwords of users including administrators. | |||||
| CVE-2018-11734 | 1 E107 | 1 E107 | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In e107 v2.1.7, output without filtering results in XSS. | |||||
| CVE-2018-11127 | 1 E107 | 1 E107 | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| e107 2.1.7 has CSRF resulting in arbitrary user deletion. | |||||
| CVE-2016-10753 | 1 E107 | 1 E107 | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| e107 2.1.2 allows PHP Object Injection with resultant SQL injection, because usersettings.php uses unserialize without an HMAC. | |||||