CVE-2022-50906

Medium CVSS: 4.8

e107 CMS 3.2.1 contains an upload restriction bypass vulnerability that allows authenticated administrators to upload malicious SVG files through the media manager. Attackers with admin privileges can exploit this vulnerability to upload SVG files with embedded cross-site scripting (XSS) payloads that can execute arbitrary scripts when viewed.

Vendor

E107

Product

E107

CWE

CWE-79

Yayın Tarihi

2026-01-13 23:15:53

Güncelleme

2026-01-16 19:16:12

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-79 E107 MEDIUM E107 2026

Referanslar

https://e107.org/ https://e107.org/download https://www.exploit-db.com/exploits/50910 https://www.vulncheck.com/advisories/e-cms-admin-upload-restriction-bypass-stored-xss

Benzer Kayıtlar

High

CVE-2022-50939

e107 CMS version 3.2.1 contains a critical file upload vulnerability that allows authenticated administrators to overrid…

High

CVE-2022-50916

e107 CMS version 3.2.1 contains a file upload vulnerability that allows authenticated administrators to override server…

Critical

CVE-2022-50905

e107 CMS version 3.2.1 contains multiple vulnerabilities that allow cross-site scripting (XSS) attacks. The first vulner…

High

CVE-2022-50907

e107 CMS version 3.2.1 contains a file upload vulnerability that allows authenticated administrative users to bypass upl…

Medium

CVE-2025-11941

A vulnerability was detected in e107 CMS up to 2.3.3. This impacts an unknown function of the file /e107_admin/image.php…

Medium

CVE-2025-61505

e107 CMS thru 2.3.3 are vulnerable to insecure deserialization in the `install.php` script. The script processes user-co…