PT-2026-2383 · E107 Cms · E107 Cms
Hubert Wojciechowski
·
Published
2026-01-13
·
Updated
2026-01-15
·
CVE-2022-50907
CVSS v3.1
7.2
High
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
e107 CMS version 3.2.1
Description
e107 CMS version 3.2.1 has a file upload issue. Authenticated administrative users can bypass upload restrictions and execute PHP files. An attacker can upload malicious PHP files to parent directories by manipulating the upload URL parameter. This allows for remote code execution through the Media Manager import feature. The vulnerable parameter is the
upload URL parameter.Recommendations
Update to a newer version that contains a fix for this vulnerability.
Exploit
Fix
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
E107 Cms