e107 CMS · CVE-2025-61505
**Name of the Vulnerable Software and Affected Versions**
e107 CMS versions through 2.3.3
**Description**
The `install.php` script is vulnerable to insecure deserialization. It passes user-controlled input from the `previous_steps` POST parameter to `unserialize(base64_decode())` without validation. Successful exploitation could result in remote code execution, arbitrary file operations, or denial of service, depending on which PHP object gadgets are present in the codebase.
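The pattern named in the description, next to a hardened form, as an added example that is not e107 code and not the upstream fix. The function names, the 64 KiB size cap and the depth limit are assumptions chosen for illustration.

```php
<?php
// Added illustration; not e107 code. Function names and limits are hypothetical.

// Pattern from the advisory: request bytes reach unserialize() unchecked,
// so any loadable class with __wakeup/__destruct logic can be instantiated.
function load_steps_vulnerable(array $post)
{
    return unserialize(base64_decode($post['previous_steps']));
}

// Hardened variant: strict decoding, size cap, no object instantiation.
function load_steps_hardened(array $post): array
{
    $raw = $post['previous_steps'] ?? '';
    if (!is_string($raw) || $raw === '' || strlen($raw) > 65536) {
        return [];
    }
    $bytes = base64_decode($raw, true); // strict mode: false on invalid input
    if ($bytes === false) {
        return [];
    }
    // allowed_classes=false maps every serialized object to the inert
    // __PHP_Incomplete_Class, so no magic method of a real class runs.
    // max_depth is honoured from PHP 7.4 onward.
    $data = @unserialize($bytes, ['allowed_classes' => false, 'max_depth' => 8]);
    if (!is_array($data) || contains_object($data)) {
        return [];
    }
    return $data;
}

// Reject state that carried any object, even an inert incomplete one.
function contains_object(array $value): bool
{
    foreach ($value as $item) {
        if (is_object($item) || (is_array($item) && contains_object($item))) {
            return true;
        }
    }
    return false;
}

// Constructed sample input: a plain array of installer answers.
$sample = ['previous_steps' => base64_encode(serialize(['language' => 'English']))];
var_dump(load_steps_hardened($sample));
```

Carrying the step state as JSON (`json_encode` / `json_decode`) removes the object-instantiation path entirely, since JSON decoding never creates application classes.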
**Recommendations**
Update to a version beyond 2.3.3.