PT-2025-41591 · E107 Cms · E107 Cms

Xancatos · Published 2025-10-10 · Updated 2025-10-11 · CVE-2025-61505

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions
e107 CMS versions through 2.3.3

Description
The software contains a flaw due to insecure deserialization in the install.php script. The script processes user-controlled input received in the previous_steps POST parameter using unserialize(base64_decode()) without proper validation. Successful exploitation of this issue could result in remote code execution, arbitrary file operations, or denial of service, contingent on the presence of PHP object gadgets within the codebase.

Recommendations
Update to a version beyond 2.3.3.
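
The description above names the pattern unserialize(base64_decode()) applied to a POST field. The following is an added example, not e107's code and not the project's fix, of a hardened decoder for that kind of wizard-state field. The function names decode_previous_steps and contains_object and the sample inputs are hypothetical, and PHP 7.4 or later is assumed.

```php
<?php
declare(strict_types=1);

// Pattern the advisory describes, shown only for contrast:
//   $steps = unserialize(base64_decode($_POST['previous_steps']));

/** True if $value is, or contains at any depth, an object. */
function contains_object($value): bool
{
    if (is_object($value)) {
        return true;
    }
    if (is_array($value)) {
        foreach ($value as $item) {
            if (contains_object($item)) {
                return true;
            }
        }
    }
    return false;
}

/** Hypothetical hardened decoder: returns plain array data or null. */
function decode_previous_steps(string $raw, int $maxLen = 65536): ?array
{
    if ($raw === '' || strlen($raw) > $maxLen) {
        return null;                       // bound memory and parse cost
    }
    $bin = base64_decode($raw, true);      // strict: reject non-alphabet bytes
    if ($bin === false) {
        return null;
    }
    // allowed_classes=false maps every serialized object to
    // __PHP_Incomplete_Class, so no application class is instantiated and
    // its __wakeup()/__destruct() gadgets never run. max_depth needs PHP 7.4+.
    $data = @unserialize($bin, ['allowed_classes' => false, 'max_depth' => 8]);
    if (!is_array($data) || contains_object($data)) {
        return null;                       // only scalar/array state is accepted
    }
    return $data;
}

// Constructed sample inputs (not taken from e107).
$benign  = base64_encode(serialize(['language' => 'English', 'step' => 2]));
$withObj = base64_encode('a:1:{s:1:"x";O:8:"stdClass":0:{}}');

var_dump(decode_previous_steps($benign));
var_dump(decode_previous_steps($withObj));
var_dump(decode_previous_steps('%%%'));
```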

Fix · DoS · RCE · Deserialization of Untrusted Data

Weakness Enumeration

Related Identifiers
CVE-2025-61505

Affected Products
E107 Cms