Back to CVE Browser

CVE-2016-10753

HIGH

8.8

CVSS Severity Score

EPSS Score0.0620%

EPSS Percentile9.50th

PublishedMay 24, 2019

Last ModifiedNov 21, 2024

Vulnerability Description

e107 2.1.2 allows PHP Object Injection with resultant SQL injection, because usersettings.php uses unserialize without an HMAC.

Affected Platforms (CPE)

📦

E107

E107

= 2.1.2

References & Advisories

🔗 https://blog.ripstech.com/2016/e107-sql-injection-through-object-injection/

🔗 https://demo.ripstech.com/projects/e107_2.1.2

🔗 https://blog.ripstech.com/2016/e107-sql-injection-through-object-injection/

🔗 https://demo.ripstech.com/projects/e107_2.1.2

Related Vulnerabilities

CVE-2008-198910.0

PHP remote file inclusion vulnerability in 123flashchat.php in the 123 Flash Chat 6.8.0 module for e107, when register_globals is ...

CVE-2018-159018.8

e107 2.1.8 has CSRF in 'usersettings.php' with an impact of changing details such as passwords of users including administrators.

CVE-2021-278858.8

usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protection mechanism.

CVE-2021-479378.8

e107 CMS 2.3.0 contains a remote code execution vulnerability that allows authenticated users with theme installation permissions ...