CVE-2025-11941

Medium CVSS: 5.3

A vulnerability was detected in e107 CMS up to 2.3.3. This impacts an unknown function of the file /e107_admin/image.php?mode=main&action=avatar of the component Avatar Handler. Performing manipulation of the argument multiaction[] results in path traversal. It is possible to initiate the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Vendor

E107

Product

E107

CWE

CWE-22

Yayın Tarihi

2025-10-19 16:15:35

Güncelleme

2026-01-12 16:42:12

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-22 E107 MEDIUM E107 2025

Referanslar

https://note-hxlab.wetolink.com/share/igdVbDCk2IkD https://note-hxlab.wetolink.com/share/igdVbDCk2IkD#proof-of-concept- https://vuldb.com/?ctiid.329020 https://vuldb.com/?id.329020 https://vuldb.com/?submit.671867

Benzer Kayıtlar

High

CVE-2022-50939

e107 CMS version 3.2.1 contains a critical file upload vulnerability that allows authenticated administrators to overrid…

High

CVE-2022-50916

e107 CMS version 3.2.1 contains a file upload vulnerability that allows authenticated administrators to override server…

Critical

CVE-2022-50905

e107 CMS version 3.2.1 contains multiple vulnerabilities that allow cross-site scripting (XSS) attacks. The first vulner…

Medium

CVE-2022-50906

e107 CMS 3.2.1 contains an upload restriction bypass vulnerability that allows authenticated administrators to upload ma…

High

CVE-2022-50907

e107 CMS version 3.2.1 contains a file upload vulnerability that allows authenticated administrative users to bypass upl…

Medium

CVE-2025-61505

e107 CMS thru 2.3.3 are vulnerable to insecure deserialization in the `install.php` script. The script processes user-co…