8 vulnerabilities found for e107 by e107inc
CVE-2026-46620 (GCVE-0-2026-46620)
Vulnerability from nvd – Published: 2026-05-26 15:04 – Updated: 2026-05-27 16:04
Title
e107: CSRF in comment.php moderation endpoints via token-optional validation in session_handler::check()
Summary
e107 is a content management system (CMS). Prior to 2.3.5, e107 does not properly enforce CSRF token validation on comment moderation actions. The root cause lies in how session_handler::check() handles CSRF tokens: instead of requiring a token on every state-changing request, it validates a token only when one is present in the request. If no token is supplied at all, the check is skipped entirely, so a forged request without a token passes. This vulnerability is fixed in 2.3.5.
Severity
6.5 (Medium)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/e107inc/e107/security/advisori… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-46620",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-27T16:04:28.086263Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T16:04:41.864Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/e107inc/e107/security/advisories/GHSA-m4hh-m278-jwg5"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "e107",
"vendor": "e107inc",
"versions": [
{
"status": "affected",
"version": "\u003c 2.3.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "e107 is a content management system (CMS). Prior to 2.3.5, e107 CMS does not properly enforce CSRF token validation on comment moderation actions. The problem comes down to how session_handler::check() handles CSRF tokens. Instead of requiring a token on every state-changing request, it only validates the token if one happens to be present. If there is no token at all, the check is skipped entirely. This vulnerability is fixed in 2.3.5."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285: Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352: Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T15:04:32.092Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/e107inc/e107/security/advisories/GHSA-m4hh-m278-jwg5",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/e107inc/e107/security/advisories/GHSA-m4hh-m278-jwg5"
}
],
"source": {
"advisory": "GHSA-m4hh-m278-jwg5",
"discovery": "UNKNOWN"
},
"title": "e107: CSRF in comment.php moderation endpoints via token-optional validation in session_handler::check()"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-46620",
"datePublished": "2026-05-26T15:04:32.092Z",
"dateReserved": "2026-05-15T19:34:14.012Z",
"dateUpdated": "2026-05-27T16:04:41.864Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-43936 (GCVE-0-2026-43936)
Vulnerability from nvd – Published: 2026-05-26 14:51 – Updated: 2026-05-26 16:21
Title
e107: Server-Side Request Forgery (SSRF) in the remote file fetcher
Summary
e107 is a content management system (CMS). Prior to 2.3.4, a user of the administrator screen can reach the local environment by entering a URL that points at the local environment in the "Image/File URL:" field of "From a remote location" in "Media Manager"; the server fetches that URL on the user's behalf. This vulnerability is fixed in 2.3.4.
Severity
4.3 (Medium)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/e107inc/e107/security/advisori… | x_refsource_CONFIRM |
| https://github.com/e107inc/e107/commit/40b2d111 | x_refsource_MISC |
| https://github.com/e107inc/e107/commit/5f98cc9f | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-43936",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-26T16:20:54.858253Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T16:21:18.449Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/e107inc/e107/security/advisories/GHSA-92fr-7h4f-22pp"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "e107",
"vendor": "e107inc",
"versions": [
{
"status": "affected",
"version": "\u003c 2.3.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "e107 is a content management system (CMS). Prior to 2.3.4, you can access the local environment by specifying the URL of the local environment from \"Image/File URL:\" of \"From a remote location\" in \"Media Manager\" on the administrator screen. This vulnerability is fixed in 2.3.4."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T14:51:49.317Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/e107inc/e107/security/advisories/GHSA-92fr-7h4f-22pp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/e107inc/e107/security/advisories/GHSA-92fr-7h4f-22pp"
},
{
"name": "https://github.com/e107inc/e107/commit/40b2d111",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/e107inc/e107/commit/40b2d111"
},
{
"name": "https://github.com/e107inc/e107/commit/5f98cc9f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/e107inc/e107/commit/5f98cc9f"
}
],
"source": {
"advisory": "GHSA-92fr-7h4f-22pp",
"discovery": "UNKNOWN"
},
"title": "e107: Server-Side Request Forgery (SSRF) in the remote file fetcher"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-43936",
"datePublished": "2026-05-26T14:51:49.317Z",
"dateReserved": "2026-05-04T16:59:09.089Z",
"dateUpdated": "2026-05-26T16:21:18.449Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-43935 (GCVE-0-2026-43935)
Vulnerability from nvd – Published: 2026-05-26 15:01 – Updated: 2026-05-26 15:49
Title
e107: Host Header Injection in e107 password reset enables phishing
Summary
e107 is a content management system (CMS). Prior to 2.3.4, a Host Header Injection vulnerability in the password reset page allows attackers to manipulate the Host header to generate password reset links pointing to attacker-controlled domains. This can lead to phishing attacks, account takeover, or other security risks. The severity is high, as the vulnerability affects a critical function related to user authentication. This vulnerability is fixed in 2.3.4.
Severity
8.1 (High)
CWE
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/e107inc/e107/security/advisori… | x_refsource_CONFIRM |
| https://github.com/e107inc/e107/commit/04511f9f1d… | x_refsource_MISC |
| https://github.com/e107inc/e107/commit/b0dee8234e… | x_refsource_MISC |
| https://github.com/e107inc/e107/commit/c4f9f71b0f… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-43935",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-26T15:49:32.402267Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T15:49:36.185Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/e107inc/e107/security/advisories/GHSA-7pmw-jwvr-cq2x"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "e107",
"vendor": "e107inc",
"versions": [
{
"status": "affected",
"version": "\u003c 2.3.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "e107 is a content management system (CMS). Prior to 2.3.4, a Host Header Injection vulnerability in the password reset page allows attackers to manipulate the Host header to generate password reset links pointing to attacker-controlled domains. This can lead to phishing attacks, account takeover, or other security risks. The severity is high, as the vulnerability affects a critical function related to user authentication. This vulnerability is fixed in 2.3.4."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-807",
"description": "CWE-807: Reliance on Untrusted Inputs in a Security Decision",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T15:01:36.720Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/e107inc/e107/security/advisories/GHSA-7pmw-jwvr-cq2x",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/e107inc/e107/security/advisories/GHSA-7pmw-jwvr-cq2x"
},
{
"name": "https://github.com/e107inc/e107/commit/04511f9f1d6e97c31ba7cc5bf7f1f9a19d221db6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/e107inc/e107/commit/04511f9f1d6e97c31ba7cc5bf7f1f9a19d221db6"
},
{
"name": "https://github.com/e107inc/e107/commit/b0dee8234e273debbf7a8ae054de464f1008f357",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/e107inc/e107/commit/b0dee8234e273debbf7a8ae054de464f1008f357"
},
{
"name": "https://github.com/e107inc/e107/commit/c4f9f71b0fd695545d0f09e2277b6f70ff4660fc",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/e107inc/e107/commit/c4f9f71b0fd695545d0f09e2277b6f70ff4660fc"
}
],
"source": {
"advisory": "GHSA-7pmw-jwvr-cq2x",
"discovery": "UNKNOWN"
},
"title": "e107: Host Header Injection in e107 password reset enables phishing"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-43935",
"datePublished": "2026-05-26T15:01:36.720Z",
"dateReserved": "2026-05-04T16:59:09.089Z",
"dateUpdated": "2026-05-26T15:49:36.185Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-43934 (GCVE-0-2026-43934)
Vulnerability from nvd – Published: 2026-05-26 14:54 – Updated: 2026-05-26 17:40
Title
e107: Broken Access Control in e107 comment edit allows cross-user comment modification
Summary
e107 is a content management system (CMS). Prior to 2.3.4, a Broken Access Control vulnerability exists in the application, allowing an authenticated user who is not authorized to do so to edit comments posted by others. This stems from inadequate server-side access control validation: the application relies only on a predictable identifier in the request to determine which comment to edit, without confirming that the requesting user owns that comment. This vulnerability is fixed in 2.3.4.
Severity
6.5 (Medium)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/e107inc/e107/security/advisori… | x_refsource_CONFIRM |
| https://github.com/e107inc/e107/commit/23961a8f | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-43934",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-26T17:40:26.682147Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T17:40:51.812Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/e107inc/e107/security/advisories/GHSA-5w63-63rh-99q6"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "e107",
"vendor": "e107inc",
"versions": [
{
"status": "affected",
"version": "\u003c 2.3.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "e107 is a content management system (CMS). Prior to 2.3.4, a Broken Access Control vulnerability exists in the application, allowing an unauthorized authenticated user to edit comments posted by others. This stems from inadequate server-side access control validation, where the application depends only on a predictable identifier in the request to determine which comment to edit, without confirming the requesting user\u2019s ownership of the comment. This vulnerability is fixed in 2.3.4."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639: Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T14:54:21.210Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/e107inc/e107/security/advisories/GHSA-5w63-63rh-99q6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/e107inc/e107/security/advisories/GHSA-5w63-63rh-99q6"
},
{
"name": "https://github.com/e107inc/e107/commit/23961a8f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/e107inc/e107/commit/23961a8f"
}
],
"source": {
"advisory": "GHSA-5w63-63rh-99q6",
"discovery": "UNKNOWN"
},
"title": "e107: Broken Access Control in e107 comment edit allows cross-user comment modification"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-43934",
"datePublished": "2026-05-26T14:54:21.210Z",
"dateReserved": "2026-05-04T16:59:09.089Z",
"dateUpdated": "2026-05-26T17:40:51.812Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-46620 (GCVE-0-2026-46620)
Vulnerability from cvelistv5 – Published: 2026-05-26 15:04 – Updated: 2026-05-27 16:04
Title
e107: CSRF in comment.php moderation endpoints via token-optional validation in session_handler::check()
Summary
e107 is a content management system (CMS). Prior to 2.3.5, e107 does not properly enforce CSRF token validation on comment moderation actions. The root cause lies in how session_handler::check() handles CSRF tokens: instead of requiring a token on every state-changing request, it validates a token only when one is present in the request. If no token is supplied at all, the check is skipped entirely, so a forged request without a token passes. This vulnerability is fixed in 2.3.5.
Severity
6.5 (Medium)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/e107inc/e107/security/advisori… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-46620",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-27T16:04:28.086263Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T16:04:41.864Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/e107inc/e107/security/advisories/GHSA-m4hh-m278-jwg5"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "e107",
"vendor": "e107inc",
"versions": [
{
"status": "affected",
"version": "\u003c 2.3.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "e107 is a content management system (CMS). Prior to 2.3.5, e107 CMS does not properly enforce CSRF token validation on comment moderation actions. The problem comes down to how session_handler::check() handles CSRF tokens. Instead of requiring a token on every state-changing request, it only validates the token if one happens to be present. If there is no token at all, the check is skipped entirely. This vulnerability is fixed in 2.3.5."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285: Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352: Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T15:04:32.092Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/e107inc/e107/security/advisories/GHSA-m4hh-m278-jwg5",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/e107inc/e107/security/advisories/GHSA-m4hh-m278-jwg5"
}
],
"source": {
"advisory": "GHSA-m4hh-m278-jwg5",
"discovery": "UNKNOWN"
},
"title": "e107: CSRF in comment.php moderation endpoints via token-optional validation in session_handler::check()"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-46620",
"datePublished": "2026-05-26T15:04:32.092Z",
"dateReserved": "2026-05-15T19:34:14.012Z",
"dateUpdated": "2026-05-27T16:04:41.864Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-43935 (GCVE-0-2026-43935)
Vulnerability from cvelistv5 – Published: 2026-05-26 15:01 – Updated: 2026-05-26 15:49
Title
e107: Host Header Injection in e107 password reset enables phishing
Summary
e107 is a content management system (CMS). Prior to 2.3.4, a Host Header Injection vulnerability in the password reset page allows attackers to manipulate the Host header to generate password reset links pointing to attacker-controlled domains. This can lead to phishing attacks, account takeover, or other security risks. The severity is high, as the vulnerability affects a critical function related to user authentication. This vulnerability is fixed in 2.3.4.
Severity
8.1 (High)
CWE
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/e107inc/e107/security/advisori… | x_refsource_CONFIRM |
| https://github.com/e107inc/e107/commit/04511f9f1d… | x_refsource_MISC |
| https://github.com/e107inc/e107/commit/b0dee8234e… | x_refsource_MISC |
| https://github.com/e107inc/e107/commit/c4f9f71b0f… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-43935",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-26T15:49:32.402267Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T15:49:36.185Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/e107inc/e107/security/advisories/GHSA-7pmw-jwvr-cq2x"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "e107",
"vendor": "e107inc",
"versions": [
{
"status": "affected",
"version": "\u003c 2.3.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "e107 is a content management system (CMS). Prior to 2.3.4, a Host Header Injection vulnerability in the password reset page allows attackers to manipulate the Host header to generate password reset links pointing to attacker-controlled domains. This can lead to phishing attacks, account takeover, or other security risks. The severity is high, as the vulnerability affects a critical function related to user authentication. This vulnerability is fixed in 2.3.4."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-807",
"description": "CWE-807: Reliance on Untrusted Inputs in a Security Decision",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T15:01:36.720Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/e107inc/e107/security/advisories/GHSA-7pmw-jwvr-cq2x",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/e107inc/e107/security/advisories/GHSA-7pmw-jwvr-cq2x"
},
{
"name": "https://github.com/e107inc/e107/commit/04511f9f1d6e97c31ba7cc5bf7f1f9a19d221db6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/e107inc/e107/commit/04511f9f1d6e97c31ba7cc5bf7f1f9a19d221db6"
},
{
"name": "https://github.com/e107inc/e107/commit/b0dee8234e273debbf7a8ae054de464f1008f357",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/e107inc/e107/commit/b0dee8234e273debbf7a8ae054de464f1008f357"
},
{
"name": "https://github.com/e107inc/e107/commit/c4f9f71b0fd695545d0f09e2277b6f70ff4660fc",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/e107inc/e107/commit/c4f9f71b0fd695545d0f09e2277b6f70ff4660fc"
}
],
"source": {
"advisory": "GHSA-7pmw-jwvr-cq2x",
"discovery": "UNKNOWN"
},
"title": "e107: Host Header Injection in e107 password reset enables phishing"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-43935",
"datePublished": "2026-05-26T15:01:36.720Z",
"dateReserved": "2026-05-04T16:59:09.089Z",
"dateUpdated": "2026-05-26T15:49:36.185Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-43934 (GCVE-0-2026-43934)
Vulnerability from cvelistv5 – Published: 2026-05-26 14:54 – Updated: 2026-05-26 17:40
Title
e107: Broken Access Control in e107 comment edit allows cross-user comment modification
Summary
e107 is a content management system (CMS). Prior to 2.3.4, a Broken Access Control vulnerability exists in the application, allowing an authenticated user who is not authorized to do so to edit comments posted by others. This stems from inadequate server-side access control validation: the application relies only on a predictable identifier in the request to determine which comment to edit, without confirming that the requesting user owns that comment. This vulnerability is fixed in 2.3.4.
Severity
6.5 (Medium)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/e107inc/e107/security/advisori… | x_refsource_CONFIRM |
| https://github.com/e107inc/e107/commit/23961a8f | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-43934",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-26T17:40:26.682147Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T17:40:51.812Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/e107inc/e107/security/advisories/GHSA-5w63-63rh-99q6"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "e107",
"vendor": "e107inc",
"versions": [
{
"status": "affected",
"version": "\u003c 2.3.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "e107 is a content management system (CMS). Prior to 2.3.4, a Broken Access Control vulnerability exists in the application, allowing an unauthorized authenticated user to edit comments posted by others. This stems from inadequate server-side access control validation, where the application depends only on a predictable identifier in the request to determine which comment to edit, without confirming the requesting user\u2019s ownership of the comment. This vulnerability is fixed in 2.3.4."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639: Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T14:54:21.210Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/e107inc/e107/security/advisories/GHSA-5w63-63rh-99q6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/e107inc/e107/security/advisories/GHSA-5w63-63rh-99q6"
},
{
"name": "https://github.com/e107inc/e107/commit/23961a8f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/e107inc/e107/commit/23961a8f"
}
],
"source": {
"advisory": "GHSA-5w63-63rh-99q6",
"discovery": "UNKNOWN"
},
"title": "e107: Broken Access Control in e107 comment edit allows cross-user comment modification"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-43934",
"datePublished": "2026-05-26T14:54:21.210Z",
"dateReserved": "2026-05-04T16:59:09.089Z",
"dateUpdated": "2026-05-26T17:40:51.812Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-43936 (GCVE-0-2026-43936)
Vulnerability from cvelistv5 – Published: 2026-05-26 14:51 – Updated: 2026-05-26 16:21
Title
e107: Server-Side Request Forgery (SSRF) in the remote file fetcher
Summary
e107 is a content management system (CMS). Prior to 2.3.4, a user of the administrator screen can reach the local environment by entering a URL that points at the local environment in the "Image/File URL:" field of "From a remote location" in "Media Manager"; the server fetches that URL on the user's behalf. This vulnerability is fixed in 2.3.4.
Severity
4.3 (Medium)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/e107inc/e107/security/advisori… | x_refsource_CONFIRM |
| https://github.com/e107inc/e107/commit/40b2d111 | x_refsource_MISC |
| https://github.com/e107inc/e107/commit/5f98cc9f | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-43936",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-26T16:20:54.858253Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T16:21:18.449Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/e107inc/e107/security/advisories/GHSA-92fr-7h4f-22pp"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "e107",
"vendor": "e107inc",
"versions": [
{
"status": "affected",
"version": "\u003c 2.3.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "e107 is a content management system (CMS). Prior to 2.3.4, you can access the local environment by specifying the URL of the local environment from \"Image/File URL:\" of \"From a remote location\" in \"Media Manager\" on the administrator screen. This vulnerability is fixed in 2.3.4."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T14:51:49.317Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/e107inc/e107/security/advisories/GHSA-92fr-7h4f-22pp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/e107inc/e107/security/advisories/GHSA-92fr-7h4f-22pp"
},
{
"name": "https://github.com/e107inc/e107/commit/40b2d111",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/e107inc/e107/commit/40b2d111"
},
{
"name": "https://github.com/e107inc/e107/commit/5f98cc9f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/e107inc/e107/commit/5f98cc9f"
}
],
"source": {
"advisory": "GHSA-92fr-7h4f-22pp",
"discovery": "UNKNOWN"
},
"title": "e107: Server-Side Request Forgery (SSRF) in the remote file fetcher"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-43936",
"datePublished": "2026-05-26T14:51:49.317Z",
"dateReserved": "2026-05-04T16:59:09.089Z",
"dateUpdated": "2026-05-26T16:21:18.449Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}