Show filters
4 Total Results
Displaying 1-4 of 4
Sort by:
Attacker Value
Unknown
CVE-2018-16389
Disclosure Date: September 12, 2018 (last updated November 27, 2024)
e107_admin/banlist.php in e107 2.1.8 allows SQL injection via the old_ip parameter.
0
Attacker Value
Unknown
CVE-2018-16388
Disclosure Date: September 12, 2018 (last updated November 27, 2024)
e107_web/js/plupload/upload.php in e107 2.1.8 allows remote attackers to execute arbitrary PHP code by uploading a .php filename with the image/jpeg content type.
0
Attacker Value
Unknown
CVE-2018-16381
Disclosure Date: September 05, 2018 (last updated November 27, 2024)
e107 2.1.8 has XSS via the e107_admin/users.php?mode=main&action=list user_loginname parameter.
0
Attacker Value
Unknown
CVE-2018-15901
Disclosure Date: August 28, 2018 (last updated November 27, 2024)
e107 2.1.8 has CSRF in 'usersettings.php' with an impact of changing details such as passwords of users including administrators.
0
