PT-2026-2392 · E107 Cms · E107 Cms

Hubert Wojciechowski

·

Publicado

2026-01-13

·

Atualizado

2026-01-15

·

CVE-2022-50916

CVSS v3.1

7.2

Alta

VetorAV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions e107 CMS version 3.2.1
Description The application contains a file upload issue that allows administrators with authentication to overwrite server files using the Media Manager import functionality. Specifically, attackers can manipulate the upload URL parameter to overwrite files such as top.php within the web application directory.
Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the Media Manager import functionality.

Exploit

Correção

Unrestricted File Upload

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-434

Identificadores relacionados

CVE-2022-50916

Produtos afetados

E107 Cms