PT-2025-42718 · E107 Cms · E107 Cms
Angelkat
·
Published
2025-10-19
·
Updated
2025-10-19
·
CVE-2025-11941
CVSS v3.1
8.1
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
e107 CMS versions prior to 2.3.3
Description
A path traversal issue exists in e107 CMS. The issue is located in the Avatar Handler component, specifically within the file
/e107 admin/image.php?mode=main&action=avatar. Manipulation of the multiaction[] argument can lead to path traversal. The attack can be initiated remotely. The exploit is publicly available.Recommendations
Update e107 CMS to a version newer than 2.3.3.
Exploit
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
E107 Cms