CyberSec.Space Logo
返回 CVE 浏览器

CVE-2016-10753

HIGH
8.8
CVSS Severity Score
EPSS Score0.0620%
EPSS Percentile9.50th
Published2019年5月24日
Last Modified2024年11月21日

Vulnerability Description

e107 2.1.2 allows PHP Object Injection with resultant SQL injection, because usersettings.php uses unserialize without an HMAC.

Affected Platforms (CPE)

📦
E107

E107

= 2.1.2

References & Advisories

🔗 https://blog.ripstech.com/2016/e107-sql-injection-through-object-injection/
🔗 https://demo.ripstech.com/projects/e107_2.1.2
🔗 https://blog.ripstech.com/2016/e107-sql-injection-through-object-injection/
🔗 https://demo.ripstech.com/projects/e107_2.1.2

相关漏洞威胁

CVE-2008-198910.0

PHP remote file inclusion vulnerability in 123flashchat.php in the 123 Flash Chat 6.8.0 module for e107, when register_globals is ...

CVE-2018-159018.8

e107 2.1.8 has CSRF in 'usersettings.php' with an impact of changing details such as passwords of users including administrators.

CVE-2021-278858.8

usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protection mechanism.

CVE-2021-479378.8

e107 CMS 2.3.0 contains a remote code execution vulnerability that allows authenticated users with theme installation permissions ...