PT-2026-2383 · E107 Cms · E107 Cms

Hubert Wojciechowski

·

Publicado

2026-01-13

·

Atualizado

2026-01-15

·

CVE-2022-50907

CVSS v3.1

7.2

Alta

VetorAV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions e107 CMS version 3.2.1
Description e107 CMS version 3.2.1 has a file upload issue. Authenticated administrative users can bypass upload restrictions and execute PHP files. An attacker can upload malicious PHP files to parent directories by manipulating the upload URL parameter. This allows for remote code execution through the Media Manager import feature. The vulnerable parameter is the upload URL parameter.
Recommendations Update to a newer version that contains a fix for this vulnerability.

Exploit

Correção

Unrestricted File Upload

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-434

Identificadores relacionados

CVE-2022-50907

Produtos afetados

E107 Cms