CVE-2022-50916

High CVSS: 8.7

e107 CMS version 3.2.1 contains a file upload vulnerability that allows authenticated administrators to override server files through the Media Manager import functionality. Attackers can exploit the upload mechanism by manipulating the upload URL parameter to overwrite existing files like top.php in the web application directory.

Vendor

E107

Product

E107

CWE

CWE-434

Yayın Tarihi

2026-01-13 23:15:55

Güncelleme

2026-01-16 19:16:13

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-434 E107 HIGH E107 2026

Referanslar

https://e107.org/ https://e107.org/download https://www.exploit-db.com/exploits/50910 https://www.vulncheck.com/advisories/e-cms-upload-restriction-bypass-authenticated-admin-server-file-override

Benzer Kayıtlar

High

CVE-2022-50939

e107 CMS version 3.2.1 contains a critical file upload vulnerability that allows authenticated administrators to overrid…

Critical

CVE-2022-50905

e107 CMS version 3.2.1 contains multiple vulnerabilities that allow cross-site scripting (XSS) attacks. The first vulner…

Medium

CVE-2022-50906

e107 CMS 3.2.1 contains an upload restriction bypass vulnerability that allows authenticated administrators to upload ma…

High

CVE-2022-50907

e107 CMS version 3.2.1 contains a file upload vulnerability that allows authenticated administrative users to bypass upl…

Medium

CVE-2025-11941

A vulnerability was detected in e107 CMS up to 2.3.3. This impacts an unknown function of the file /e107_admin/image.php…

Medium

CVE-2025-61505

e107 CMS thru 2.3.3 are vulnerable to insecure deserialization in the `install.php` script. The script processes user-co…