Camer0N

Name of the Vulnerable Software and Affected Versions: e107 versions 2.3.0 and earlier Description: The issue is related to the lack of a certain e TOKEN protection mechanism in the usersettings.php file. This affects the security of the software. Recommendations: For versions 2.3.0 and earlier, update to a version that includes the e TOKEN protection mechanism in the usersettings.php file to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** e107 version 2.1.8 **Description** The issue allows remote attackers to execute arbitrary PHP code by uploading a .php filename with the `content type` set to 'image/jpeg'. This is possible due to a flaw in the 'e107 web/js/plupload/upload.php' file. **Recommendations** For e107 version 2.1.8, consider restricting the upload of files with .php extensions to prevent arbitrary PHP code execution until a patch is available. As a temporary workaround, restrict access to the 'e107 web/js/plupload/upload.php' file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** e107 version 2.1.4 **Description** The issue allows a malicious web page to use forged requests to make e107 download and install a plug-in provided by the attacker, due to cross-site request forgery in plugin-installing, meta-changing, and settings-changing. **Recommendations** For version 2.1.4, consider disabling the plugin-installing feature until a patch is available to prevent exploitation. Restrict access to meta-changing and settings-changing functionalities to minimize the risk of cross-site request forgery attacks.