
    5 vulnerabilities by e107inc

    CVE-2026-48997 (GCVE-0-2026-48997)

    Vulnerability from cvelistv5 – Published: 2026-06-17 21:42 – Updated: 2026-06-18 13:06
    VLAI
    Title
    e107: Command Injection via shell expansion in ImageMagick resize destination path
    Summary
    e107 is a content management system (CMS). Versions 2.3.5 and earlier contain a command injection vulnerability in the ImageMagick resize destination path. In resize_image(), the source path is escaped with escapeshellarg(), but the destination path is inserted inside raw double quotes in the convert command; in the submit-news upload flow, that destination filename includes the first six characters of user-controlled news title input. Because the title filter removes literal spaces but not tab characters, and shell expansions such as $(...) and backticks can survive into the quoted destination argument, /bin/sh -c may evaluate attacker-controlled input. Exploitation is possible only when all of the following non-default settings are enabled: resize_method=ImageMagick, subnews_attach=1, upload_enabled=1, subnews_resize is numeric between 30 and 5000, and the attacker is a non-admin in classes permitted by both subnews_class and upload_class. This issue has been fixed in version 2.3.6.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    e107inc e107 Affected: < 2.3.6

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48997",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-18T13:05:40.518821Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-18T13:06:02.489Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/e107inc/e107/security/advisories/GHSA-3j33-c9v4-4p42"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "e107",
              "vendor": "e107inc",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.3.6"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "e107 is a content management system (CMS). Versions  2.3.5 and earlier contain a command injection vulnerability in the ImageMagick resize destination path. In resize_image(), the source path is escaped with escapeshellarg(), but the destination path is inserted inside raw double quotes in the convert command; in the submit-news upload flow, that destination filename includes the first six characters of user-controlled news title input. Because the title filter removes literal spaces but not tab characters, and shell expansions such as $(...) and backticks can survive into the quoted destination argument, /bin/sh -c may evaluate attacker-controlled input. Exploitation is possible only when all of the following non-default settings are enabled: resize_method=ImageMagick, subnews_attach=1, upload_enabled=1, subnews_resize is numeric between 30 and 5000, and the attacker is a non-admin in classes permitted by both subnews_class and upload_class. This issue has been fixed in version 2.3.6."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-17T21:42:59.679Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/e107inc/e107/security/advisories/GHSA-3j33-c9v4-4p42",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/e107inc/e107/security/advisories/GHSA-3j33-c9v4-4p42"
            },
            {
              "name": "https://github.com/e107inc/e107/releases/tag/v2.3.6",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/e107inc/e107/releases/tag/v2.3.6"
            }
          ],
          "source": {
            "advisory": "GHSA-3j33-c9v4-4p42",
            "discovery": "UNKNOWN"
          },
          "title": "e107: Command Injection via shell expansion in ImageMagick resize destination path"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-48997",
        "datePublished": "2026-06-17T21:42:59.679Z",
        "dateReserved": "2026-05-26T23:26:07.976Z",
        "dateUpdated": "2026-06-18T13:06:02.489Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-46620 (GCVE-0-2026-46620)

    Vulnerability from cvelistv5 – Published: 2026-05-26 15:04 – Updated: 2026-05-27 16:04
    VLAI
    Title
    e107: CSRF in comment.php moderation endpoints via token-optional validation in session_handler::check()
    Summary
    e107 is a content management system (CMS). Prior to 2.3.5, e107 CMS does not properly enforce CSRF token validation on comment moderation actions. The problem comes down to how session_handler::check() handles CSRF tokens. Instead of requiring a token on every state-changing request, it only validates the token if one happens to be present. If there is no token at all, the check is skipped entirely. This vulnerability is fixed in 2.3.5.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-285 - Improper Authorization
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    e107inc e107 Affected: < 2.3.5

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-46620",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-27T16:04:28.086263Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-27T16:04:41.864Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/e107inc/e107/security/advisories/GHSA-m4hh-m278-jwg5"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "e107",
              "vendor": "e107inc",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.3.5"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "e107 is a content management system (CMS). Prior to 2.3.5, e107 CMS does not properly enforce CSRF token validation on comment moderation actions. The problem comes down to how session_handler::check() handles CSRF tokens. Instead of requiring a token on every state-changing request, it only validates the token if one happens to be present. If there is no token at all, the check is skipped entirely. This vulnerability is fixed in 2.3.5."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "CWE-285: Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352: Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-26T15:04:32.092Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/e107inc/e107/security/advisories/GHSA-m4hh-m278-jwg5",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/e107inc/e107/security/advisories/GHSA-m4hh-m278-jwg5"
            }
          ],
          "source": {
            "advisory": "GHSA-m4hh-m278-jwg5",
            "discovery": "UNKNOWN"
          },
          "title": "e107: CSRF in comment.php moderation endpoints via token-optional validation in session_handler::check()"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-46620",
        "datePublished": "2026-05-26T15:04:32.092Z",
        "dateReserved": "2026-05-15T19:34:14.012Z",
        "dateUpdated": "2026-05-27T16:04:41.864Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-43935 (GCVE-0-2026-43935)

    Vulnerability from cvelistv5 – Published: 2026-05-26 15:01 – Updated: 2026-05-26 15:49
    VLAI
    Title
    e107: Host Header Injection in e107 password reset enables phishing
    Summary
    e107 is a content management system (CMS). Prior to 2.3.4, a Host Header Injection vulnerability in the password reset page allows attackers to manipulate the Host header to generate password reset links pointing to attacker-controlled domains. This can lead to phishing attacks, account takeover, or other security risks. The severity is high, as the vulnerability affects a critical function related to user authentication. This vulnerability is fixed in 2.3.4.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    • CWE-807 - Reliance on Untrusted Inputs in a Security Decision
    Assigner
    Impacted products
    Vendor Product Version
    e107inc e107 Affected: < 2.3.4

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-43935",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T15:49:32.402267Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-26T15:49:36.185Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/e107inc/e107/security/advisories/GHSA-7pmw-jwvr-cq2x"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "e107",
              "vendor": "e107inc",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.3.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "e107 is a content management system (CMS). Prior to 2.3.4, a Host Header Injection vulnerability in the password reset page allows attackers to manipulate the Host header to generate password reset links pointing to attacker-controlled domains. This can lead to phishing attacks, account takeover, or other security risks. The severity is high, as the vulnerability affects a critical function related to user authentication. This vulnerability is fixed in 2.3.4."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-807",
                  "description": "CWE-807: Reliance on Untrusted Inputs in a Security Decision",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-26T15:01:36.720Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/e107inc/e107/security/advisories/GHSA-7pmw-jwvr-cq2x",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/e107inc/e107/security/advisories/GHSA-7pmw-jwvr-cq2x"
            },
            {
              "name": "https://github.com/e107inc/e107/commit/04511f9f1d6e97c31ba7cc5bf7f1f9a19d221db6",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/e107inc/e107/commit/04511f9f1d6e97c31ba7cc5bf7f1f9a19d221db6"
            },
            {
              "name": "https://github.com/e107inc/e107/commit/b0dee8234e273debbf7a8ae054de464f1008f357",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/e107inc/e107/commit/b0dee8234e273debbf7a8ae054de464f1008f357"
            },
            {
              "name": "https://github.com/e107inc/e107/commit/c4f9f71b0fd695545d0f09e2277b6f70ff4660fc",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/e107inc/e107/commit/c4f9f71b0fd695545d0f09e2277b6f70ff4660fc"
            }
          ],
          "source": {
            "advisory": "GHSA-7pmw-jwvr-cq2x",
            "discovery": "UNKNOWN"
          },
          "title": "e107: Host Header Injection in e107 password reset enables phishing"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-43935",
        "datePublished": "2026-05-26T15:01:36.720Z",
        "dateReserved": "2026-05-04T16:59:09.089Z",
        "dateUpdated": "2026-05-26T15:49:36.185Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-43934 (GCVE-0-2026-43934)

    Vulnerability from cvelistv5 – Published: 2026-05-26 14:54 – Updated: 2026-05-26 17:40
    VLAI
    Title
    e107: Broken Access Control in e107 comment edit allows cross-user comment modification
    Summary
    e107 is a content management system (CMS). Prior to 2.3.4, a Broken Access Control vulnerability exists in the application, allowing an unauthorized authenticated user to edit comments posted by others. This stems from inadequate server-side access control validation, where the application depends only on a predictable identifier in the request to determine which comment to edit, without confirming the requesting user’s ownership of the comment. This vulnerability is fixed in 2.3.4.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    References
    Impacted products
    Vendor Product Version
    e107inc e107 Affected: < 2.3.4

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-43934",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T17:40:26.682147Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-26T17:40:51.812Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/e107inc/e107/security/advisories/GHSA-5w63-63rh-99q6"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "e107",
              "vendor": "e107inc",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.3.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "e107 is a content management system (CMS). Prior to 2.3.4, a Broken Access Control vulnerability exists in the application, allowing an unauthorized authenticated user to edit comments posted by others. This stems from inadequate server-side access control validation, where the application depends only on a predictable identifier in the request to determine which comment to edit, without confirming the requesting user\u2019s ownership of the comment. This vulnerability is fixed in 2.3.4."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284: Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "CWE-639: Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-26T14:54:21.210Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/e107inc/e107/security/advisories/GHSA-5w63-63rh-99q6",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/e107inc/e107/security/advisories/GHSA-5w63-63rh-99q6"
            },
            {
              "name": "https://github.com/e107inc/e107/commit/23961a8f",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/e107inc/e107/commit/23961a8f"
            }
          ],
          "source": {
            "advisory": "GHSA-5w63-63rh-99q6",
            "discovery": "UNKNOWN"
          },
          "title": "e107: Broken Access Control in e107 comment edit allows cross-user comment modification"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-43934",
        "datePublished": "2026-05-26T14:54:21.210Z",
        "dateReserved": "2026-05-04T16:59:09.089Z",
        "dateUpdated": "2026-05-26T17:40:51.812Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-43936 (GCVE-0-2026-43936)

    Vulnerability from cvelistv5 – Published: 2026-05-26 14:51 – Updated: 2026-05-26 16:21
    VLAI
    Title
    e107: Server-Side Request Forgery (SSRF) in the remote file fetcher
    Summary
    e107 is a content management system (CMS). Prior to 2.3.4, a user of the administrator screen can make the server access the local environment by entering a local-environment URL in the "Image/File URL:" field under "From a remote location" in "Media Manager". This vulnerability is fixed in 2.3.4.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    Impacted products
    Vendor Product Version
    e107inc e107 Affected: < 2.3.4

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-43936",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T16:20:54.858253Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-26T16:21:18.449Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/e107inc/e107/security/advisories/GHSA-92fr-7h4f-22pp"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "e107",
              "vendor": "e107inc",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.3.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "e107 is a content management system (CMS). Prior to 2.3.4, you can access the local environment by specifying the URL of the local environment from \"Image/File URL:\" of \"From a remote location\" in \"Media Manager\" on the administrator screen. This vulnerability is fixed in 2.3.4."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918: Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-26T14:51:49.317Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/e107inc/e107/security/advisories/GHSA-92fr-7h4f-22pp",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/e107inc/e107/security/advisories/GHSA-92fr-7h4f-22pp"
            },
            {
              "name": "https://github.com/e107inc/e107/commit/40b2d111",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/e107inc/e107/commit/40b2d111"
            },
            {
              "name": "https://github.com/e107inc/e107/commit/5f98cc9f",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/e107inc/e107/commit/5f98cc9f"
            }
          ],
          "source": {
            "advisory": "GHSA-92fr-7h4f-22pp",
            "discovery": "UNKNOWN"
          },
          "title": "e107: Server-Side Request Forgery (SSRF) in the remote file fetcher"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-43936",
        "datePublished": "2026-05-26T14:51:49.317Z",
        "dateReserved": "2026-05-04T16:59:09.089Z",
        "dateUpdated": "2026-05-26T16:21:18.449Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }