CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2021-47937

HIGH
8.8
CVSS Severity Score
EPSS Score0.0420%
EPSS Percentile40.23th
Published2026年5月10日
Last Modified2026年5月12日

Vulnerability Description

e107 CMS 2.3.0 contains a remote code execution vulnerability that allows authenticated users with theme installation permissions to execute arbitrary commands by uploading malicious theme files. Attackers can upload a crafted theme package through the theme.php endpoint that deploys a web shell to the e107_themes directory, then execute system commands via the payload.php script.

Affected Platforms (CPE)

No CPE configurations currently published for this record.

References & Advisories

🔗 https://e107.org/
🔗 https://e107.org/download
🔗 https://www.exploit-db.com/exploits/50315
🔗 https://www.vulncheck.com/advisories/e107-cms-authenticated-remote-code-execution-via-theme-upload

相關漏洞威脅

CVE-2021-2124310.0

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, a Kubernetes REST endpoint exposes two methods that deser...

CVE-2021-021110.0

An improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved Routing Protocol Daemon ...

CVE-2021-3467910.0

Thycotic Password Reset Server before 5.3.0 allows credential disclosure.

CVE-2021-2124410.0

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, There is a vulnerability that enabled pre-auth server sid...